Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
29/09/2024, 19:49 UTC
Static task
static1
Behavioral task
behavioral1
Sample
2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe
Resource
win7-20240903-en
General
-
Target
2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe
-
Size
1.5MB
-
MD5
60d67ffa3078eaada9390dae7e76b60d
-
SHA1
bdc75a0ea1ad4364b341aedd86b7152b11ed95b1
-
SHA256
2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116
-
SHA512
11e9f741e8f7068643e1233153436766d099219b0ac19f4a2551117e00ea10dd06400ace58cb2b384197e05ea90e17fe0191d1b9eb71d2d36814b2cc2baec6ae
-
SSDEEP
24576:J6keZtWQjFsqjnhMgeiCl7G0nehbGZpbD:J6kenWeDmg27RnWGj
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
pid Process 480 Process not Found 2072 alg.exe 2708 aspnet_state.exe 2724 mscorsvw.exe 2904 mscorsvw.exe 2672 mscorsvw.exe 476 mscorsvw.exe 548 ehRecvr.exe 324 ehsched.exe 2472 elevation_service.exe 2052 IEEtwCollector.exe 1084 GROOVE.EXE 2304 maintenanceservice.exe 2164 msdtc.exe 1608 msiexec.exe 2560 OSE.EXE 2992 perfhost.exe 2160 locator.exe 2948 snmptrap.exe 1752 vds.exe 1416 vssvc.exe 2500 wbengine.exe 1096 WmiApSrv.exe 1156 wmpnetwk.exe 2152 SearchIndexer.exe 2216 mscorsvw.exe 1272 mscorsvw.exe 1656 mscorsvw.exe 2820 mscorsvw.exe 2752 mscorsvw.exe 1440 mscorsvw.exe 1840 mscorsvw.exe 2228 mscorsvw.exe 824 mscorsvw.exe 2392 mscorsvw.exe 1044 mscorsvw.exe 2096 mscorsvw.exe 1500 mscorsvw.exe 2120 mscorsvw.exe 752 mscorsvw.exe 2208 mscorsvw.exe 2096 mscorsvw.exe 1708 mscorsvw.exe 2824 mscorsvw.exe 2628 mscorsvw.exe 2852 mscorsvw.exe 1704 mscorsvw.exe 2080 mscorsvw.exe 752 mscorsvw.exe 2612 mscorsvw.exe 2824 mscorsvw.exe 1928 mscorsvw.exe 1560 mscorsvw.exe 2148 mscorsvw.exe 1620 mscorsvw.exe 1100 mscorsvw.exe 1428 mscorsvw.exe 2268 mscorsvw.exe 1788 mscorsvw.exe 1348 mscorsvw.exe 2228 mscorsvw.exe 2140 mscorsvw.exe 2852 mscorsvw.exe 408 mscorsvw.exe -
Loads dropped DLL 64 IoCs
pid Process 480 Process not Found 480 Process not Found 480 Process not Found 480 Process not Found 480 Process not Found 480 Process not Found 480 Process not Found 1608 msiexec.exe 480 Process not Found 480 Process not Found 480 Process not Found 480 Process not Found 480 Process not Found 744 Process not Found 1620 mscorsvw.exe 1620 mscorsvw.exe 1428 mscorsvw.exe 1428 mscorsvw.exe 1788 mscorsvw.exe 1788 mscorsvw.exe 2228 mscorsvw.exe 2228 mscorsvw.exe 2852 mscorsvw.exe 2852 mscorsvw.exe 2416 mscorsvw.exe 2416 mscorsvw.exe 620 mscorsvw.exe 620 mscorsvw.exe 1620 mscorsvw.exe 1620 mscorsvw.exe 2184 mscorsvw.exe 2184 mscorsvw.exe 1768 mscorsvw.exe 1768 mscorsvw.exe 3056 mscorsvw.exe 3056 mscorsvw.exe 2456 mscorsvw.exe 2456 mscorsvw.exe 2268 mscorsvw.exe 2268 mscorsvw.exe 2280 mscorsvw.exe 2280 mscorsvw.exe 1212 mscorsvw.exe 1212 mscorsvw.exe 1824 mscorsvw.exe 1824 mscorsvw.exe 2416 mscorsvw.exe 2416 mscorsvw.exe 2064 mscorsvw.exe 2064 mscorsvw.exe 2824 mscorsvw.exe 2824 mscorsvw.exe 2224 mscorsvw.exe 2224 mscorsvw.exe 1972 mscorsvw.exe 1972 mscorsvw.exe 1628 mscorsvw.exe 1628 mscorsvw.exe 1316 mscorsvw.exe 1316 mscorsvw.exe 2884 mscorsvw.exe 2884 mscorsvw.exe 2280 mscorsvw.exe 2280 mscorsvw.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 28 IoCs
description ioc Process File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat SearchProtocolHost.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9 mscorsvw.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9 mscorsvw.exe File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat GROOVE.EXE File opened for modification C:\Windows\System32\msdtc.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Windows\system32\fxssvc.exe alg.exe File opened for modification C:\Windows\system32\dllhost.exe mscorsvw.exe File opened for modification C:\Windows\system32\MSDtc\MSDTC.LOG msdtc.exe File opened for modification C:\Windows\SysWow64\perfhost.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Windows\system32\wbengine.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Windows\system32\fxssvc.exe mscorsvw.exe File opened for modification C:\Windows\system32\IEEtwCollector.exe mscorsvw.exe File opened for modification C:\Windows\system32\msiexec.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Windows\system32\locator.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Windows\system32\wbem\WmiApSrv.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Windows\system32\SearchIndexer.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Windows\system32\dllhost.exe alg.exe File opened for modification C:\Windows\system32\dllhost.exe mscorsvw.exe File opened for modification C:\Windows\System32\vds.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Windows\system32\vssvc.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Windows\system32\fxssvc.exe mscorsvw.exe File opened for modification C:\Windows\system32\fxssvc.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Windows\system32\IEEtwCollector.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Windows\system32\IEEtwCollector.exe mscorsvw.exe File opened for modification C:\Windows\System32\alg.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\dabc5d1ab661a82.bin alg.exe File opened for modification C:\Windows\system32\dllhost.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Windows\System32\snmptrap.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Internet Explorer\ielowutil.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jre7\bin\jp2launcher.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jre7\bin\jabswitch.exe mscorsvw.exe File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe mscorsvw.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe mscorsvw.exe File opened for modification C:\Program Files\Mozilla Firefox\firefox.exe mscorsvw.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE mscorsvw.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE mscorsvw.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe alg.exe File opened for modification C:\Program Files\Internet Explorer\ieinstal.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe mscorsvw.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe mscorsvw.exe File created C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log maintenanceservice.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe mscorsvw.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe mscorsvw.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jre7\bin\javaws.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Program Files\DVD Maker\DVDMaker.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe alg.exe File opened for modification C:\Program Files\Google\Chrome\Application\chrome_proxy.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe mscorsvw.exe File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe mscorsvw.exe File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe mscorsvw.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe mscorsvw.exe File opened for modification C:\Program Files\7-Zip\Uninstall.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\pingsender.exe mscorsvw.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\SmartTagInstall.exe mscorsvw.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe mscorsvw.exe File opened for modification C:\Program Files (x86)\Internet Explorer\iexplore.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\java.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe mscorsvw.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe mscorsvw.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe mscorsvw.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\assembly\NativeImages_v2.0.50727_32\index148.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_64\index144.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index136.dat mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2B83.tmp\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\index142.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_64\index148.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_64\index151.dat mscorsvw.exe File created C:\Windows\assembly\GACLock.dat mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\index149.dat mscorsvw.exe File created C:\Windows\assembly\GACLock.dat mscorsvw.exe File created C:\Windows\assembly\GACLock.dat mscorsvw.exe File opened for modification C:\Windows\assembly\temp\SZHO4UH6EQ\Microsoft.VisualBasic.Compatibility.ni.dll mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\index136.dat mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP51E7.tmp\Microsoft.Office.Tools.Outlook.v9.0.dll mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index150.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index142.dat mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP315D.tmp\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index13f.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index141.dat mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP33BD.tmp\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_64\index146.dat mscorsvw.exe File created C:\Windows\assembly\ngenlock.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index154.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_64\index148.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_64\index155.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_64\index14a.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index14b.dat mscorsvw.exe File created C:\Windows\assembly\ngenlock.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_64\index149.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index142.dat mscorsvw.exe File created C:\Windows\assembly\GACLock.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index14f.dat mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\index152.dat mscorsvw.exe File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenofflinequeuelock.dat mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F98.tmp\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\index13f.dat mscorsvw.exe File opened for modification C:\Windows\assembly\temp\M32JB80L3E\Microsoft.VisualBasic.Compatibility.Data.ni.dll.aux mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_64\index14d.dat mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3208.tmp\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index145.dat mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\index147.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index136.dat mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2E22.tmp\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF344.tmp\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\index139.dat mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3034.tmp\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index155.dat mscorsvw.exe File created C:\Windows\assembly\GACLock.dat mscorsvw.exe File created C:\Windows\assembly\ngenlock.dat mscorsvw.exe File created C:\Windows\assembly\ngenlock.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index153.dat mscorsvw.exe File created C:\Windows\assembly\GACLock.dat mscorsvw.exe File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngenservicelock.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index13a.dat mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4D94.tmp\Microsoft.Office.Tools.Excel.v9.0.dll mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index13d.dat mscorsvw.exe File created C:\Windows\assembly\ngenlock.dat mscorsvw.exe File created C:\Windows\assembly\ngenlock.dat mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index135.dat mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4B04.tmp\Microsoft.Office.Tools.Common.v9.0.dll mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index146.dat mscorsvw.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP646E.tmp\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll mscorsvw.exe File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.lock mscorsvw.exe File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\index133.dat mscorsvw.exe -
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe -
Modifies data under HKEY_USERS 64 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft SearchFilterHost.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs mscorsvw.exe Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\Software ehRecvr.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My mscorsvw.exe Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 mscorsvw.exe Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%windir%\system32\speech\speechux\sapi.cpl,-5556 = "Dictate text and control your computer by voice." SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs mscorsvw.exe Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\SampleRes.dll,-142 = "Wildlife" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs mscorsvw.exe Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\FXSRESM.dll,-114 = "Windows Fax and Scan" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL ehRec.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates mscorsvw.exe Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-113 = "Windows PowerShell Integrated Scripting Environment. Performs object-based (command-line) functions" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\SNTSearch.dll,-504 = "Create short handwritten or text notes." SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs mscorsvw.exe Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@gameux.dll,-10057 = "Minesweeper" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs mscorsvw.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MediaPlayer wmpnetwk.exe Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\gameux.dll,-10061 = "Spider Solitaire" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople mscorsvw.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 900 ehRec.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeTakeOwnershipPrivilege 2096 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: 33 2868 EhTray.exe Token: SeIncBasePriorityPrivilege 2868 EhTray.exe Token: SeDebugPrivilege 900 ehRec.exe Token: SeRestorePrivilege 1608 msiexec.exe Token: SeTakeOwnershipPrivilege 1608 msiexec.exe Token: SeSecurityPrivilege 1608 msiexec.exe Token: SeBackupPrivilege 1416 vssvc.exe Token: SeRestorePrivilege 1416 vssvc.exe Token: SeAuditPrivilege 1416 vssvc.exe Token: 33 2868 EhTray.exe Token: SeIncBasePriorityPrivilege 2868 EhTray.exe Token: SeBackupPrivilege 2500 wbengine.exe Token: SeRestorePrivilege 2500 wbengine.exe Token: SeSecurityPrivilege 2500 wbengine.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeManageVolumePrivilege 2152 SearchIndexer.exe Token: 33 2152 SearchIndexer.exe Token: SeIncBasePriorityPrivilege 2152 SearchIndexer.exe Token: 33 1156 wmpnetwk.exe Token: SeIncBasePriorityPrivilege 1156 wmpnetwk.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeDebugPrivilege 2072 alg.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeDebugPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe Token: SeShutdownPrivilege 2672 mscorsvw.exe Token: SeShutdownPrivilege 476 mscorsvw.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2868 EhTray.exe 2868 EhTray.exe -
Suspicious use of SendNotifyMessage 2 IoCs
pid Process 2868 EhTray.exe 2868 EhTray.exe -
Suspicious use of SetWindowsHookEx 13 IoCs
pid Process 852 SearchProtocolHost.exe 852 SearchProtocolHost.exe 852 SearchProtocolHost.exe 852 SearchProtocolHost.exe 852 SearchProtocolHost.exe 852 SearchProtocolHost.exe 852 SearchProtocolHost.exe 852 SearchProtocolHost.exe 852 SearchProtocolHost.exe 852 SearchProtocolHost.exe 852 SearchProtocolHost.exe 852 SearchProtocolHost.exe 852 SearchProtocolHost.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2096 wrote to memory of 2300 2096 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe 31 PID 2096 wrote to memory of 2300 2096 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe 31 PID 2096 wrote to memory of 2300 2096 2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe 31 PID 2152 wrote to memory of 852 2152 SearchIndexer.exe 58 PID 2152 wrote to memory of 852 2152 SearchIndexer.exe 58 PID 2152 wrote to memory of 852 2152 SearchIndexer.exe 58 PID 2152 wrote to memory of 2876 2152 SearchIndexer.exe 59 PID 2152 wrote to memory of 2876 2152 SearchIndexer.exe 59 PID 2152 wrote to memory of 2876 2152 SearchIndexer.exe 59 PID 2672 wrote to memory of 2216 2672 mscorsvw.exe 60 PID 2672 wrote to memory of 2216 2672 mscorsvw.exe 60 PID 2672 wrote to memory of 2216 2672 mscorsvw.exe 60 PID 2672 wrote to memory of 2216 2672 mscorsvw.exe 60 PID 2672 wrote to memory of 1272 2672 mscorsvw.exe 61 PID 2672 wrote to memory of 1272 2672 mscorsvw.exe 61 PID 2672 wrote to memory of 1272 2672 mscorsvw.exe 61 PID 2672 wrote to memory of 1272 2672 mscorsvw.exe 61 PID 2672 wrote to memory of 1656 2672 mscorsvw.exe 62 PID 2672 wrote to memory of 1656 2672 mscorsvw.exe 62 PID 2672 wrote to memory of 1656 2672 mscorsvw.exe 62 PID 2672 wrote to memory of 1656 2672 mscorsvw.exe 62 PID 2672 wrote to memory of 2820 2672 mscorsvw.exe 63 PID 2672 wrote to memory of 2820 2672 mscorsvw.exe 63 PID 2672 wrote to memory of 2820 2672 mscorsvw.exe 63 PID 2672 wrote to memory of 2820 2672 mscorsvw.exe 63 PID 2672 wrote to memory of 2752 2672 mscorsvw.exe 64 PID 2672 wrote to memory of 2752 2672 mscorsvw.exe 64 PID 2672 wrote to memory of 2752 2672 mscorsvw.exe 64 PID 2672 wrote to memory of 2752 2672 mscorsvw.exe 64 PID 2672 wrote to memory of 1440 2672 mscorsvw.exe 65 PID 2672 wrote to memory of 1440 2672 mscorsvw.exe 65 PID 2672 wrote to memory of 1440 2672 mscorsvw.exe 65 PID 2672 wrote to memory of 1440 2672 mscorsvw.exe 65 PID 2672 wrote to memory of 1840 2672 mscorsvw.exe 66 PID 2672 wrote to memory of 1840 2672 mscorsvw.exe 66 PID 2672 wrote to memory of 1840 2672 mscorsvw.exe 66 PID 2672 wrote to memory of 1840 2672 mscorsvw.exe 66 PID 2672 wrote to memory of 2228 2672 mscorsvw.exe 67 PID 2672 wrote to memory of 2228 2672 mscorsvw.exe 67 PID 2672 wrote to memory of 2228 2672 mscorsvw.exe 67 PID 2672 wrote to memory of 2228 2672 mscorsvw.exe 67 PID 2672 wrote to memory of 824 2672 mscorsvw.exe 68 PID 2672 wrote to memory of 824 2672 mscorsvw.exe 68 PID 2672 wrote to memory of 824 2672 mscorsvw.exe 68 PID 2672 wrote to memory of 824 2672 mscorsvw.exe 68 PID 2672 wrote to memory of 2392 2672 mscorsvw.exe 69 PID 2672 wrote to memory of 2392 2672 mscorsvw.exe 69 PID 2672 wrote to memory of 2392 2672 mscorsvw.exe 69 PID 2672 wrote to memory of 2392 2672 mscorsvw.exe 69 PID 2672 wrote to memory of 1044 2672 mscorsvw.exe 70 PID 2672 wrote to memory of 1044 2672 mscorsvw.exe 70 PID 2672 wrote to memory of 1044 2672 mscorsvw.exe 70 PID 2672 wrote to memory of 1044 2672 mscorsvw.exe 70 PID 2672 wrote to memory of 2096 2672 mscorsvw.exe 76 PID 2672 wrote to memory of 2096 2672 mscorsvw.exe 76 PID 2672 wrote to memory of 2096 2672 mscorsvw.exe 76 PID 2672 wrote to memory of 2096 2672 mscorsvw.exe 76 PID 2672 wrote to memory of 1500 2672 mscorsvw.exe 72 PID 2672 wrote to memory of 1500 2672 mscorsvw.exe 72 PID 2672 wrote to memory of 1500 2672 mscorsvw.exe 72 PID 2672 wrote to memory of 1500 2672 mscorsvw.exe 72 PID 2672 wrote to memory of 2120 2672 mscorsvw.exe 73 PID 2672 wrote to memory of 2120 2672 mscorsvw.exe 73 PID 2672 wrote to memory of 2120 2672 mscorsvw.exe 73 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe"C:\Users\Admin\AppData\Local\Temp\2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe"1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2096 -
C:\Program Files\Java\jre7\bin\javaws.exeC:\Users\Admin\AppData\Local\Temp\2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe2⤵PID:2300
-
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:2072
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe1⤵
- Executes dropped EXE
PID:2708
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:2724
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2904
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2672 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1e4 -InterruptEvent 1d0 -NGENProcess 1d4 -Pipe 1e0 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2216
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1dc -InterruptEvent 248 -NGENProcess 250 -Pipe 254 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:1272
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 240 -InterruptEvent 24c -NGENProcess 244 -Pipe 1dc -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:1656
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 244 -InterruptEvent 250 -NGENProcess 240 -Pipe 24c -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2820
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 250 -InterruptEvent 260 -NGENProcess 1d0 -Pipe 25c -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2752
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 258 -InterruptEvent 244 -NGENProcess 264 -Pipe 250 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1440
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 244 -InterruptEvent 248 -NGENProcess 1d0 -Pipe 1e4 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:1840
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 268 -InterruptEvent 258 -NGENProcess 26c -Pipe 244 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2228
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 258 -InterruptEvent 240 -NGENProcess 1d0 -Pipe 1d4 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:824
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 240 -InterruptEvent 274 -NGENProcess 248 -Pipe 270 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2392
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 274 -InterruptEvent 238 -NGENProcess 264 -Pipe 26c -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:1044
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 238 -InterruptEvent 278 -NGENProcess 260 -Pipe 23c -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2096
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 278 -InterruptEvent 27c -NGENProcess 248 -Pipe 268 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:1500
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 27c -InterruptEvent 280 -NGENProcess 264 -Pipe 258 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2120
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 280 -InterruptEvent 284 -NGENProcess 260 -Pipe 240 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:752
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 284 -InterruptEvent 288 -NGENProcess 248 -Pipe 274 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2208
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 288 -InterruptEvent 28c -NGENProcess 264 -Pipe 238 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2096
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 28c -InterruptEvent 290 -NGENProcess 260 -Pipe 278 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:1708
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 290 -InterruptEvent 294 -NGENProcess 248 -Pipe 27c -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2824
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 294 -InterruptEvent 298 -NGENProcess 264 -Pipe 280 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2628
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 29c -NGENProcess 260 -Pipe 284 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2852
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 2a0 -NGENProcess 248 -Pipe 288 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:1704
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2a0 -InterruptEvent 2a4 -NGENProcess 264 -Pipe 28c -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2080
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 260 -InterruptEvent 1c0 -NGENProcess 2a0 -Pipe 218 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2824
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1c0 -InterruptEvent 2c8 -NGENProcess 2a4 -Pipe 2c4 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:1928
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2cc -InterruptEvent 2c8 -NGENProcess 1c0 -Pipe 2b8 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:1560
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 2c0 -NGENProcess 2a4 -Pipe 2b4 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2148
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c0 -InterruptEvent 2d4 -NGENProcess 260 -Pipe 2bc -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:1620
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 2a4 -NGENProcess 260 -Pipe 2cc -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:1100
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2a4 -InterruptEvent 2e0 -NGENProcess 2d8 -Pipe 2dc -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
PID:1428
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e0 -InterruptEvent 2d8 -NGENProcess 2d4 -Pipe 2d0 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2268
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 2e8 -NGENProcess 260 -Pipe 1c0 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:1788
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 260 -NGENProcess 2e0 -Pipe 2e4 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:1348
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 260 -InterruptEvent 2f0 -NGENProcess 2d4 -Pipe 2a4 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2228
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 2d4 -NGENProcess 2e8 -Pipe 2ec -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2140
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 2f8 -NGENProcess 2e0 -Pipe 2d8 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
PID:2852
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 2e0 -NGENProcess 2f0 -Pipe 2f4 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:408
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e0 -InterruptEvent 300 -NGENProcess 2e8 -Pipe 260 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:2416
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 2e8 -NGENProcess 2f8 -Pipe 2fc -Comment "NGen Worker Process"2⤵PID:2028
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 308 -NGENProcess 2f0 -Pipe 2d4 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:620
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 2f0 -NGENProcess 300 -Pipe 304 -Comment "NGen Worker Process"2⤵PID:1272
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 310 -NGENProcess 2f8 -Pipe 2e0 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:1620
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 310 -InterruptEvent 2f8 -NGENProcess 308 -Pipe 30c -Comment "NGen Worker Process"2⤵PID:1212
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 318 -NGENProcess 300 -Pipe 2e8 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:2184
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 300 -NGENProcess 310 -Pipe 314 -Comment "NGen Worker Process"2⤵PID:2704
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 320 -NGENProcess 308 -Pipe 2f0 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
PID:1768
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 308 -NGENProcess 318 -Pipe 31c -Comment "NGen Worker Process"2⤵PID:2620
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 328 -NGENProcess 310 -Pipe 2f8 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:3056
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 310 -NGENProcess 320 -Pipe 324 -Comment "NGen Worker Process"2⤵PID:1612
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 310 -InterruptEvent 330 -NGENProcess 318 -Pipe 300 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:2456
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 330 -InterruptEvent 318 -NGENProcess 328 -Pipe 32c -Comment "NGen Worker Process"2⤵PID:1236
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 338 -NGENProcess 320 -Pipe 308 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:2268
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 338 -InterruptEvent 320 -NGENProcess 330 -Pipe 334 -Comment "NGen Worker Process"2⤵PID:1996
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 340 -NGENProcess 328 -Pipe 310 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:2280
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 328 -NGENProcess 338 -Pipe 33c -Comment "NGen Worker Process"2⤵PID:2044
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 348 -NGENProcess 330 -Pipe 318 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:1212
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 348 -InterruptEvent 330 -NGENProcess 340 -Pipe 344 -Comment "NGen Worker Process"2⤵PID:112
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 330 -InterruptEvent 350 -NGENProcess 338 -Pipe 320 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:1824
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 350 -InterruptEvent 338 -NGENProcess 348 -Pipe 34c -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:828
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 338 -InterruptEvent 358 -NGENProcess 340 -Pipe 328 -Comment "NGen Worker Process"2⤵PID:1972
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 358 -InterruptEvent 35c -NGENProcess 354 -Pipe 2a0 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2868
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 35c -InterruptEvent 354 -NGENProcess 350 -Pipe 364 -Comment "NGen Worker Process"2⤵PID:2080
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 354 -InterruptEvent 330 -NGENProcess 360 -Pipe 2c8 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:2416
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 330 -InterruptEvent 360 -NGENProcess 35c -Pipe 358 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:2064
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 360 -InterruptEvent 35c -NGENProcess 2a8 -Pipe 350 -Comment "NGen Worker Process"2⤵PID:752
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 35c -InterruptEvent 370 -NGENProcess 368 -Pipe 338 -Comment "NGen Worker Process"2⤵PID:1932
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 370 -InterruptEvent 374 -NGENProcess 36c -Pipe 354 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:2888
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 378 -NGENProcess 2a8 -Pipe 330 -Comment "NGen Worker Process"2⤵PID:2552
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 378 -InterruptEvent 37c -NGENProcess 368 -Pipe 348 -Comment "NGen Worker Process"2⤵PID:2456
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 380 -NGENProcess 36c -Pipe 360 -Comment "NGen Worker Process"2⤵PID:2520
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 380 -InterruptEvent 384 -NGENProcess 2a8 -Pipe 35c -Comment "NGen Worker Process"2⤵PID:2200
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 384 -InterruptEvent 388 -NGENProcess 368 -Pipe 370 -Comment "NGen Worker Process"2⤵PID:1436
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 38c -NGENProcess 36c -Pipe 374 -Comment "NGen Worker Process"2⤵PID:2104
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 38c -InterruptEvent 390 -NGENProcess 2a8 -Pipe 378 -Comment "NGen Worker Process"2⤵PID:2792
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 390 -InterruptEvent 394 -NGENProcess 368 -Pipe 37c -Comment "NGen Worker Process"2⤵PID:336
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 398 -NGENProcess 36c -Pipe 380 -Comment "NGen Worker Process"2⤵PID:2476
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 398 -InterruptEvent 39c -NGENProcess 2a8 -Pipe 384 -Comment "NGen Worker Process"2⤵PID:1036
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 39c -InterruptEvent 3a0 -NGENProcess 368 -Pipe 388 -Comment "NGen Worker Process"2⤵PID:2612
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a0 -InterruptEvent 3a4 -NGENProcess 36c -Pipe 38c -Comment "NGen Worker Process"2⤵PID:976
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a4 -InterruptEvent 3a8 -NGENProcess 2a8 -Pipe 390 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:2780
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 3ac -NGENProcess 368 -Pipe 394 -Comment "NGen Worker Process"2⤵PID:1768
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 3b0 -NGENProcess 36c -Pipe 398 -Comment "NGen Worker Process"2⤵PID:1356
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b0 -InterruptEvent 3b4 -NGENProcess 2a8 -Pipe 39c -Comment "NGen Worker Process"2⤵PID:1188
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 3b8 -NGENProcess 368 -Pipe 3a0 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1924
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b8 -InterruptEvent 3bc -NGENProcess 36c -Pipe 3a4 -Comment "NGen Worker Process"2⤵PID:1600
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b0 -InterruptEvent 3c0 -NGENProcess 3b4 -Pipe 3bc -Comment "NGen Worker Process"2⤵PID:1100
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c0 -InterruptEvent 3a8 -NGENProcess 36c -Pipe 3ac -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2120
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 3c8 -NGENProcess 3b8 -Pipe 340 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:2200
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c8 -InterruptEvent 3cc -NGENProcess 3b4 -Pipe 3c4 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:2972
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3cc -InterruptEvent 3d0 -NGENProcess 36c -Pipe 2a8 -Comment "NGen Worker Process"2⤵PID:828
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 3d4 -NGENProcess 3b8 -Pipe 3b0 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:2156
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 3b8 -NGENProcess 3d4 -Pipe 3d8 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:1644
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b8 -InterruptEvent 3dc -NGENProcess 36c -Pipe 3a8 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:2236
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3dc -InterruptEvent 3b4 -NGENProcess 3c0 -Pipe 3e4 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:2456
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 3c8 -NGENProcess 3e0 -Pipe 3cc -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:1440
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c8 -InterruptEvent 3e8 -NGENProcess 36c -Pipe 368 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:916
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e8 -InterruptEvent 3ec -NGENProcess 3c0 -Pipe 3d0 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:832
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ec -InterruptEvent 3f0 -NGENProcess 3e0 -Pipe 3b8 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:2792
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3f0 -InterruptEvent 3f4 -NGENProcess 36c -Pipe 3dc -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:2392
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3f4 -InterruptEvent 3f8 -NGENProcess 3c0 -Pipe 3b4 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:2824
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3f8 -InterruptEvent 3c0 -NGENProcess 3f0 -Pipe 3e0 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:772
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c0 -InterruptEvent 404 -NGENProcess 36c -Pipe 3e8 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:2224
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 404 -InterruptEvent 36c -NGENProcess 3f8 -Pipe 3fc -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:1704
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 40c -NGENProcess 3f0 -Pipe 3f4 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:1972
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 40c -InterruptEvent 3f0 -NGENProcess 404 -Pipe 408 -Comment "NGen Worker Process"2⤵PID:1840
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 414 -InterruptEvent 3f0 -NGENProcess 40c -Pipe 3f8 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:2264
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3f0 -InterruptEvent 3c0 -NGENProcess 404 -Pipe 3ec -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Modifies data under HKEY_USERS
PID:1628
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c0 -InterruptEvent 404 -NGENProcess 414 -Pipe 3c8 -Comment "NGen Worker Process"2⤵PID:2904
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 404 -InterruptEvent 420 -NGENProcess 40c -Pipe 418 -Comment "NGen Worker Process"2⤵PID:2828
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 420 -InterruptEvent 424 -NGENProcess 41c -Pipe 36c -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2312
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 428 -NGENProcess 414 -Pipe 3f0 -Comment "NGen Worker Process"2⤵PID:1704
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 428 -InterruptEvent 42c -NGENProcess 40c -Pipe 3d4 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2792
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 42c -InterruptEvent 430 -NGENProcess 41c -Pipe 3c0 -Comment "NGen Worker Process"2⤵PID:2784
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 430 -InterruptEvent 434 -NGENProcess 414 -Pipe 404 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2024
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 434 -InterruptEvent 438 -NGENProcess 40c -Pipe 420 -Comment "NGen Worker Process"2⤵PID:2424
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 438 -InterruptEvent 43c -NGENProcess 41c -Pipe 424 -Comment "NGen Worker Process"2⤵PID:1168
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 43c -InterruptEvent 440 -NGENProcess 414 -Pipe 428 -Comment "NGen Worker Process"2⤵PID:1164
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 440 -InterruptEvent 444 -NGENProcess 40c -Pipe 42c -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2020
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 444 -InterruptEvent 448 -NGENProcess 41c -Pipe 430 -Comment "NGen Worker Process"2⤵PID:2224
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 448 -InterruptEvent 44c -NGENProcess 414 -Pipe 434 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1044
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 44c -InterruptEvent 450 -NGENProcess 40c -Pipe 438 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2940
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 450 -InterruptEvent 454 -NGENProcess 41c -Pipe 43c -Comment "NGen Worker Process"2⤵PID:936
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 454 -InterruptEvent 458 -NGENProcess 414 -Pipe 440 -Comment "NGen Worker Process"2⤵PID:3056
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 458 -InterruptEvent 45c -NGENProcess 40c -Pipe 444 -Comment "NGen Worker Process"2⤵PID:900
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 45c -InterruptEvent 460 -NGENProcess 41c -Pipe 448 -Comment "NGen Worker Process"2⤵PID:2764
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 460 -InterruptEvent 464 -NGENProcess 414 -Pipe 44c -Comment "NGen Worker Process"2⤵PID:2104
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 464 -InterruptEvent 468 -NGENProcess 40c -Pipe 450 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:1316
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 468 -InterruptEvent 40c -NGENProcess 460 -Pipe 41c -Comment "NGen Worker Process"2⤵PID:1780
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 40c -InterruptEvent 470 -NGENProcess 414 -Pipe 458 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:2884
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 470 -InterruptEvent 414 -NGENProcess 468 -Pipe 46c -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1996
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 414 -InterruptEvent 478 -NGENProcess 460 -Pipe 464 -Comment "NGen Worker Process"2⤵PID:692
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 478 -InterruptEvent 47c -NGENProcess 474 -Pipe 454 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2860
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 47c -InterruptEvent 480 -NGENProcess 468 -Pipe 40c -Comment "NGen Worker Process"2⤵PID:1792
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 480 -InterruptEvent 484 -NGENProcess 460 -Pipe 45c -Comment "NGen Worker Process"2⤵PID:2556
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 484 -InterruptEvent 488 -NGENProcess 474 -Pipe 470 -Comment "NGen Worker Process"2⤵
- Loads dropped DLL
PID:2280
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 488 -InterruptEvent 474 -NGENProcess 480 -Pipe 468 -Comment "NGen Worker Process"2⤵PID:828
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 474 -InterruptEvent 490 -NGENProcess 460 -Pipe 478 -Comment "NGen Worker Process"2⤵PID:1788
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 490 -InterruptEvent 460 -NGENProcess 488 -Pipe 48c -Comment "NGen Worker Process"2⤵PID:2392
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 460 -InterruptEvent 498 -NGENProcess 480 -Pipe 484 -Comment "NGen Worker Process"2⤵PID:1272
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 498 -InterruptEvent 49c -NGENProcess 494 -Pipe 414 -Comment "NGen Worker Process"2⤵PID:1928
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 49c -InterruptEvent 4a0 -NGENProcess 488 -Pipe 474 -Comment "NGen Worker Process"2⤵PID:2656
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4a0 -InterruptEvent 488 -NGENProcess 498 -Pipe 480 -Comment "NGen Worker Process"2⤵PID:2812
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 488 -InterruptEvent 4a8 -NGENProcess 494 -Pipe 490 -Comment "NGen Worker Process"2⤵PID:2644
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4a8 -InterruptEvent 494 -NGENProcess 4a0 -Pipe 4a4 -Comment "NGen Worker Process"2⤵PID:2476
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 494 -InterruptEvent 4b0 -NGENProcess 498 -Pipe 49c -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2416
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4b0 -InterruptEvent 4b4 -NGENProcess 4ac -Pipe 47c -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:112
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4b4 -InterruptEvent 4ac -NGENProcess 494 -Pipe 4a0 -Comment "NGen Worker Process"2⤵PID:2300
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4b0 -InterruptEvent 488 -NGENProcess 4bc -Pipe 4ac -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:1168
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 488 -InterruptEvent 4bc -NGENProcess 4b4 -Pipe 494 -Comment "NGen Worker Process"2⤵PID:2864
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4bc -InterruptEvent 4c4 -NGENProcess 498 -Pipe 410 -Comment "NGen Worker Process"2⤵PID:2044
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4c4 -InterruptEvent 4c8 -NGENProcess 460 -Pipe 4c0 -Comment "NGen Worker Process"2⤵PID:2076
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4c8 -InterruptEvent 4cc -NGENProcess 4b4 -Pipe 4b0 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:1356
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4cc -InterruptEvent 4d0 -NGENProcess 498 -Pipe 4a8 -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:1772
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4d0 -InterruptEvent 498 -NGENProcess 4c8 -Pipe 460 -Comment "NGen Worker Process"2⤵PID:1620
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 498 -InterruptEvent 4d8 -NGENProcess 4b4 -Pipe 4bc -Comment "NGen Worker Process"2⤵PID:1824
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4d8 -InterruptEvent 4dc -NGENProcess 4d4 -Pipe 4c4 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2628
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4dc -InterruptEvent 4e0 -NGENProcess 4c8 -Pipe 4cc -Comment "NGen Worker Process"2⤵PID:916
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4e0 -InterruptEvent 4e4 -NGENProcess 4b4 -Pipe 488 -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:1380
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4e4 -InterruptEvent 4b4 -NGENProcess 4dc -Pipe 4d4 -Comment "NGen Worker Process"2⤵PID:1840
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4b4 -InterruptEvent 4ec -NGENProcess 4c8 -Pipe 498 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:2208
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4ec -InterruptEvent 4f0 -NGENProcess 4e8 -Pipe 4d8 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:540
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4e4 -InterruptEvent 4ec -NGENProcess 4f8 -Pipe 4b4 -Comment "NGen Worker Process"2⤵PID:1436
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4ec -InterruptEvent 4e0 -NGENProcess 4e8 -Pipe 4d0 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1932
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4e0 -InterruptEvent 4fc -NGENProcess 4f4 -Pipe 4b8 -Comment "NGen Worker Process"2⤵PID:1448
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 4fc -InterruptEvent 500 -NGENProcess 4f8 -Pipe 4dc -Comment "NGen Worker Process"2⤵PID:2836
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 500 -InterruptEvent 504 -NGENProcess 4e8 -Pipe 4f0 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2704
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 504 -InterruptEvent 508 -NGENProcess 4f4 -Pipe 4e4 -Comment "NGen Worker Process"2⤵PID:828
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 508 -InterruptEvent 50c -NGENProcess 4f8 -Pipe 4ec -Comment "NGen Worker Process"2⤵PID:2592
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 50c -InterruptEvent 510 -NGENProcess 4e8 -Pipe 4e0 -Comment "NGen Worker Process"2⤵PID:3000
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 510 -InterruptEvent 514 -NGENProcess 4f4 -Pipe 4fc -Comment "NGen Worker Process"2⤵PID:1612
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 514 -InterruptEvent 518 -NGENProcess 4f8 -Pipe 500 -Comment "NGen Worker Process"2⤵PID:1812
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 518 -InterruptEvent 51c -NGENProcess 4e8 -Pipe 504 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1636
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 51c -InterruptEvent 520 -NGENProcess 4f4 -Pipe 508 -Comment "NGen Worker Process"2⤵PID:2656
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 520 -InterruptEvent 524 -NGENProcess 4f8 -Pipe 50c -Comment "NGen Worker Process"2⤵PID:1132
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 524 -InterruptEvent 528 -NGENProcess 4e8 -Pipe 510 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:1344
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 528 -InterruptEvent 52c -NGENProcess 4f4 -Pipe 514 -Comment "NGen Worker Process"2⤵PID:1924
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 52c -InterruptEvent 530 -NGENProcess 4f8 -Pipe 518 -Comment "NGen Worker Process"2⤵PID:2424
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 530 -InterruptEvent 534 -NGENProcess 4e8 -Pipe 51c -Comment "NGen Worker Process"2⤵PID:1648
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 534 -InterruptEvent 538 -NGENProcess 4f4 -Pipe 520 -Comment "NGen Worker Process"2⤵PID:2268
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 538 -InterruptEvent 53c -NGENProcess 4f8 -Pipe 524 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1928
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 53c -InterruptEvent 540 -NGENProcess 4e8 -Pipe 528 -Comment "NGen Worker Process"2⤵PID:3044
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 540 -InterruptEvent 544 -NGENProcess 4f4 -Pipe 52c -Comment "NGen Worker Process"2⤵PID:2280
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 544 -InterruptEvent 548 -NGENProcess 4f8 -Pipe 530 -Comment "NGen Worker Process"2⤵PID:2528
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 548 -InterruptEvent 54c -NGENProcess 4e8 -Pipe 534 -Comment "NGen Worker Process"2⤵PID:2028
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 54c -InterruptEvent 550 -NGENProcess 4f4 -Pipe 538 -Comment "NGen Worker Process"2⤵PID:2784
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 550 -InterruptEvent 554 -NGENProcess 4f8 -Pipe 53c -Comment "NGen Worker Process"2⤵PID:2208
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 554 -InterruptEvent 558 -NGENProcess 4e8 -Pipe 540 -Comment "NGen Worker Process"2⤵PID:1440
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 558 -InterruptEvent 55c -NGENProcess 4f4 -Pipe 544 -Comment "NGen Worker Process"2⤵PID:1960
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 55c -InterruptEvent 560 -NGENProcess 4f8 -Pipe 548 -Comment "NGen Worker Process"2⤵PID:2860
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 554 -InterruptEvent 564 -NGENProcess 558 -Pipe 560 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1636
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 564 -InterruptEvent 54c -NGENProcess 4f8 -Pipe 550 -Comment "NGen Worker Process"2⤵PID:1316
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 54c -InterruptEvent 56c -NGENProcess 55c -Pipe 4c8 -Comment "NGen Worker Process"2⤵PID:2644
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 56c -InterruptEvent 570 -NGENProcess 558 -Pipe 568 -Comment "NGen Worker Process"2⤵PID:1644
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 570 -InterruptEvent 574 -NGENProcess 4f8 -Pipe 4e8 -Comment "NGen Worker Process"2⤵PID:1788
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 574 -InterruptEvent 578 -NGENProcess 55c -Pipe 554 -Comment "NGen Worker Process"2⤵PID:2416
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 578 -InterruptEvent 57c -NGENProcess 558 -Pipe 564 -Comment "NGen Worker Process"2⤵PID:3000
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 57c -InterruptEvent 580 -NGENProcess 4f8 -Pipe 54c -Comment "NGen Worker Process"2⤵PID:1824
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 580 -InterruptEvent 584 -NGENProcess 55c -Pipe 56c -Comment "NGen Worker Process"2⤵PID:2020
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 584 -InterruptEvent 588 -NGENProcess 558 -Pipe 570 -Comment "NGen Worker Process"2⤵PID:2792
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 588 -InterruptEvent 58c -NGENProcess 4f8 -Pipe 574 -Comment "NGen Worker Process"2⤵PID:1448
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 58c -InterruptEvent 590 -NGENProcess 55c -Pipe 578 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:2064
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 590 -InterruptEvent 594 -NGENProcess 558 -Pipe 57c -Comment "NGen Worker Process"2⤵PID:1212
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 594 -InterruptEvent 598 -NGENProcess 4f8 -Pipe 580 -Comment "NGen Worker Process"2⤵PID:2360
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 598 -InterruptEvent 59c -NGENProcess 55c -Pipe 584 -Comment "NGen Worker Process"2⤵PID:3056
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 59c -InterruptEvent 5a0 -NGENProcess 558 -Pipe 588 -Comment "NGen Worker Process"2⤵PID:2292
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5a0 -InterruptEvent 5a4 -NGENProcess 4f8 -Pipe 58c -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2128
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5a4 -InterruptEvent 5a8 -NGENProcess 55c -Pipe 590 -Comment "NGen Worker Process"2⤵PID:1188
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5a8 -InterruptEvent 5ac -NGENProcess 558 -Pipe 594 -Comment "NGen Worker Process"2⤵PID:2880
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5ac -InterruptEvent 5b0 -NGENProcess 4f8 -Pipe 598 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2120
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5b0 -InterruptEvent 5b4 -NGENProcess 55c -Pipe 59c -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2528
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5b4 -InterruptEvent 5b8 -NGENProcess 558 -Pipe 5a0 -Comment "NGen Worker Process"2⤵PID:936
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5b8 -InterruptEvent 5bc -NGENProcess 4f8 -Pipe 5a4 -Comment "NGen Worker Process"2⤵PID:1212
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5bc -InterruptEvent 5c0 -NGENProcess 55c -Pipe 5a8 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1756
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5c0 -InterruptEvent 5c4 -NGENProcess 558 -Pipe 5ac -Comment "NGen Worker Process"2⤵PID:752
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5c4 -InterruptEvent 5c8 -NGENProcess 4f8 -Pipe 5b0 -Comment "NGen Worker Process"2⤵PID:904
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5c8 -InterruptEvent 5cc -NGENProcess 55c -Pipe 5b4 -Comment "NGen Worker Process"2⤵PID:2156
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5cc -InterruptEvent 5d0 -NGENProcess 558 -Pipe 5b8 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1660
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5d0 -InterruptEvent 5d4 -NGENProcess 4f8 -Pipe 5bc -Comment "NGen Worker Process"2⤵PID:1380
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5d4 -InterruptEvent 5d8 -NGENProcess 55c -Pipe 5c0 -Comment "NGen Worker Process"2⤵PID:2148
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5d8 -InterruptEvent 5dc -NGENProcess 558 -Pipe 5c4 -Comment "NGen Worker Process"2⤵PID:1996
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5dc -InterruptEvent 5e0 -NGENProcess 4f8 -Pipe 5c8 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1152
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5e0 -InterruptEvent 5e4 -NGENProcess 55c -Pipe 5cc -Comment "NGen Worker Process"2⤵PID:900
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5e4 -InterruptEvent 5e8 -NGENProcess 558 -Pipe 5d0 -Comment "NGen Worker Process"2⤵PID:1272
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5e8 -InterruptEvent 5ec -NGENProcess 4f8 -Pipe 5d4 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1812
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5ec -InterruptEvent 5f0 -NGENProcess 55c -Pipe 5d8 -Comment "NGen Worker Process"2⤵PID:1080
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5f0 -InterruptEvent 5f4 -NGENProcess 558 -Pipe 5dc -Comment "NGen Worker Process"2⤵PID:1728
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5f4 -InterruptEvent 5f8 -NGENProcess 4f8 -Pipe 5e0 -Comment "NGen Worker Process"2⤵PID:1132
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5f8 -InterruptEvent 5fc -NGENProcess 55c -Pipe 5e4 -Comment "NGen Worker Process"2⤵PID:1380
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 5fc -InterruptEvent 600 -NGENProcess 558 -Pipe 5e8 -Comment "NGen Worker Process"2⤵PID:1772
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 600 -InterruptEvent 604 -NGENProcess 4f8 -Pipe 5ec -Comment "NGen Worker Process"2⤵PID:1620
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 604 -InterruptEvent 608 -NGENProcess 55c -Pipe 5f0 -Comment "NGen Worker Process"2⤵PID:1640
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 608 -InterruptEvent 60c -NGENProcess 558 -Pipe 5f4 -Comment "NGen Worker Process"2⤵PID:3000
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 60c -InterruptEvent 610 -NGENProcess 4f8 -Pipe 5f8 -Comment "NGen Worker Process"2⤵PID:2556
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 610 -InterruptEvent 614 -NGENProcess 55c -Pipe 5fc -Comment "NGen Worker Process"2⤵PID:2812
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 614 -InterruptEvent 618 -NGENProcess 558 -Pipe 600 -Comment "NGen Worker Process"2⤵PID:2604
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 618 -InterruptEvent 61c -NGENProcess 4f8 -Pipe 604 -Comment "NGen Worker Process"2⤵PID:1728
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 61c -InterruptEvent 620 -NGENProcess 55c -Pipe 608 -Comment "NGen Worker Process"2⤵PID:1656
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 620 -InterruptEvent 624 -NGENProcess 558 -Pipe 60c -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2540
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 624 -InterruptEvent 628 -NGENProcess 4f8 -Pipe 610 -Comment "NGen Worker Process"2⤵PID:2360
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 628 -InterruptEvent 62c -NGENProcess 55c -Pipe 614 -Comment "NGen Worker Process"2⤵PID:1648
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 62c -InterruptEvent 630 -NGENProcess 558 -Pipe 618 -Comment "NGen Worker Process"2⤵PID:1824
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 630 -InterruptEvent 634 -NGENProcess 4f8 -Pipe 61c -Comment "NGen Worker Process"2⤵PID:664
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 634 -InterruptEvent 638 -NGENProcess 55c -Pipe 620 -Comment "NGen Worker Process"2⤵PID:1036
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 638 -InterruptEvent 63c -NGENProcess 558 -Pipe 624 -Comment "NGen Worker Process"2⤵PID:1780
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 63c -InterruptEvent 640 -NGENProcess 4f8 -Pipe 628 -Comment "NGen Worker Process"2⤵PID:916
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 640 -InterruptEvent 644 -NGENProcess 55c -Pipe 62c -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2528
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 644 -InterruptEvent 648 -NGENProcess 558 -Pipe 630 -Comment "NGen Worker Process"2⤵PID:1644
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 648 -InterruptEvent 64c -NGENProcess 4f8 -Pipe 634 -Comment "NGen Worker Process"2⤵PID:2264
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 64c -InterruptEvent 650 -NGENProcess 55c -Pipe 638 -Comment "NGen Worker Process"2⤵PID:2972
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 650 -InterruptEvent 654 -NGENProcess 558 -Pipe 63c -Comment "NGen Worker Process"2⤵PID:2280
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 654 -InterruptEvent 658 -NGENProcess 4f8 -Pipe 640 -Comment "NGen Worker Process"2⤵PID:2656
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 658 -InterruptEvent 65c -NGENProcess 55c -Pipe 644 -Comment "NGen Worker Process"2⤵PID:2156
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 65c -InterruptEvent 660 -NGENProcess 558 -Pipe 648 -Comment "NGen Worker Process"2⤵PID:2064
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 660 -InterruptEvent 664 -NGENProcess 4f8 -Pipe 64c -Comment "NGen Worker Process"2⤵PID:2884
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 664 -InterruptEvent 668 -NGENProcess 55c -Pipe 650 -Comment "NGen Worker Process"2⤵PID:2820
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 668 -InterruptEvent 66c -NGENProcess 558 -Pipe 654 -Comment "NGen Worker Process"2⤵PID:2208
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 66c -InterruptEvent 670 -NGENProcess 4f8 -Pipe 658 -Comment "NGen Worker Process"2⤵PID:900
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 670 -InterruptEvent 674 -NGENProcess 55c -Pipe 65c -Comment "NGen Worker Process"2⤵PID:1648
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 674 -InterruptEvent 678 -NGENProcess 558 -Pipe 660 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2852
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 678 -InterruptEvent 67c -NGENProcess 4f8 -Pipe 664 -Comment "NGen Worker Process"2⤵PID:2712
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 67c -InterruptEvent 680 -NGENProcess 55c -Pipe 668 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2336
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 680 -InterruptEvent 684 -NGENProcess 558 -Pipe 66c -Comment "NGen Worker Process"2⤵PID:1972
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 684 -InterruptEvent 688 -NGENProcess 4f8 -Pipe 670 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2392
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 688 -InterruptEvent 68c -NGENProcess 55c -Pipe 674 -Comment "NGen Worker Process"2⤵PID:936
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 68c -InterruptEvent 690 -NGENProcess 558 -Pipe 678 -Comment "NGen Worker Process"2⤵PID:1768
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 690 -InterruptEvent 694 -NGENProcess 4f8 -Pipe 67c -Comment "NGen Worker Process"2⤵PID:2264
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 694 -InterruptEvent 698 -NGENProcess 55c -Pipe 680 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1308
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 698 -InterruptEvent 69c -NGENProcess 558 -Pipe 684 -Comment "NGen Worker Process"2⤵PID:1740
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 69c -InterruptEvent 6a0 -NGENProcess 4f8 -Pipe 688 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1236
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6a0 -InterruptEvent 6a4 -NGENProcess 55c -Pipe 68c -Comment "NGen Worker Process"2⤵PID:2744
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6a4 -InterruptEvent 6a8 -NGENProcess 558 -Pipe 690 -Comment "NGen Worker Process"2⤵PID:2916
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6a8 -InterruptEvent 6ac -NGENProcess 4f8 -Pipe 694 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2884
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6ac -InterruptEvent 6b0 -NGENProcess 55c -Pipe 698 -Comment "NGen Worker Process"2⤵
- Modifies data under HKEY_USERS
PID:1656
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6b0 -InterruptEvent 6b4 -NGENProcess 558 -Pipe 69c -Comment "NGen Worker Process"2⤵PID:2564
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6b4 -InterruptEvent 6b8 -NGENProcess 4f8 -Pipe 6a0 -Comment "NGen Worker Process"2⤵PID:1824
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6b8 -InterruptEvent 6bc -NGENProcess 55c -Pipe 6a4 -Comment "NGen Worker Process"2⤵PID:1044
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6bc -InterruptEvent 6c0 -NGENProcess 558 -Pipe 6a8 -Comment "NGen Worker Process"2⤵PID:2864
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6c0 -InterruptEvent 6c4 -NGENProcess 4f8 -Pipe 6ac -Comment "NGen Worker Process"2⤵PID:1832
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6c4 -InterruptEvent 6c8 -NGENProcess 55c -Pipe 6b0 -Comment "NGen Worker Process"2⤵PID:2336
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6c8 -InterruptEvent 6cc -NGENProcess 558 -Pipe 6b4 -Comment "NGen Worker Process"2⤵PID:1772
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6cc -InterruptEvent 6d0 -NGENProcess 4f8 -Pipe 6b8 -Comment "NGen Worker Process"2⤵PID:1212
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6d0 -InterruptEvent 6d4 -NGENProcess 55c -Pipe 6bc -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1960
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6d4 -InterruptEvent 6d8 -NGENProcess 558 -Pipe 6c0 -Comment "NGen Worker Process"2⤵PID:1272
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6d8 -InterruptEvent 6dc -NGENProcess 4f8 -Pipe 6c4 -Comment "NGen Worker Process"2⤵PID:2312
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6dc -InterruptEvent 6e0 -NGENProcess 55c -Pipe 6c8 -Comment "NGen Worker Process"2⤵PID:1308
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6e0 -InterruptEvent 6e4 -NGENProcess 558 -Pipe 6cc -Comment "NGen Worker Process"2⤵PID:2520
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6e4 -InterruptEvent 6e8 -NGENProcess 4f8 -Pipe 6d0 -Comment "NGen Worker Process"2⤵PID:1728
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6e8 -InterruptEvent 6ec -NGENProcess 55c -Pipe 6d4 -Comment "NGen Worker Process"2⤵PID:2824
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6ec -InterruptEvent 6f0 -NGENProcess 558 -Pipe 6d8 -Comment "NGen Worker Process"2⤵PID:2916
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6f0 -InterruptEvent 6f4 -NGENProcess 4f8 -Pipe 6dc -Comment "NGen Worker Process"2⤵PID:1932
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6f4 -InterruptEvent 6f8 -NGENProcess 55c -Pipe 6e0 -Comment "NGen Worker Process"2⤵PID:1212
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6f8 -InterruptEvent 6fc -NGENProcess 558 -Pipe 6e4 -Comment "NGen Worker Process"2⤵PID:2552
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 55c -InterruptEvent 6f8 -NGENProcess 6e8 -Pipe 558 -Comment "NGen Worker Process"2⤵PID:1036
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6f8 -InterruptEvent 6e8 -NGENProcess 6fc -Pipe 4f4 -Comment "NGen Worker Process"2⤵PID:876
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 6e8 -InterruptEvent 720 -NGENProcess 70c -Pipe 714 -Comment "NGen Worker Process"2⤵PID:1312
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 720 -InterruptEvent 70c -NGENProcess 6f8 -Pipe 71c -Comment "NGen Worker Process"2⤵PID:692
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 70c -InterruptEvent 728 -NGENProcess 6fc -Pipe 55c -Comment "NGen Worker Process"2⤵PID:1492
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 728 -InterruptEvent 72c -NGENProcess 724 -Pipe 718 -Comment "NGen Worker Process"2⤵PID:2292
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 72c -InterruptEvent 730 -NGENProcess 6f8 -Pipe 6e8 -Comment "NGen Worker Process"2⤵PID:1640
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 730 -InterruptEvent 734 -NGENProcess 6fc -Pipe 708 -Comment "NGen Worker Process"2⤵PID:2348
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 734 -InterruptEvent 738 -NGENProcess 724 -Pipe 720 -Comment "NGen Worker Process"2⤵PID:2012
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 738 -InterruptEvent 73c -NGENProcess 6f8 -Pipe 70c -Comment "NGen Worker Process"2⤵PID:976
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 73c -InterruptEvent 740 -NGENProcess 6fc -Pipe 728 -Comment "NGen Worker Process"2⤵PID:2784
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 740 -InterruptEvent 744 -NGENProcess 724 -Pipe 72c -Comment "NGen Worker Process"2⤵PID:2752
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 744 -InterruptEvent 748 -NGENProcess 6f8 -Pipe 730 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2916
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 748 -InterruptEvent 74c -NGENProcess 6fc -Pipe 734 -Comment "NGen Worker Process"2⤵PID:692
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 74c -InterruptEvent 750 -NGENProcess 724 -Pipe 738 -Comment "NGen Worker Process"2⤵PID:900
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 750 -InterruptEvent 754 -NGENProcess 6f8 -Pipe 73c -Comment "NGen Worker Process"2⤵PID:2628
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 754 -InterruptEvent 758 -NGENProcess 6fc -Pipe 740 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1044
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 758 -InterruptEvent 75c -NGENProcess 724 -Pipe 744 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1236
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 75c -InterruptEvent 760 -NGENProcess 6f8 -Pipe 748 -Comment "NGen Worker Process"2⤵PID:2864
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 760 -InterruptEvent 764 -NGENProcess 6fc -Pipe 74c -Comment "NGen Worker Process"2⤵PID:928
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 764 -InterruptEvent 768 -NGENProcess 724 -Pipe 750 -Comment "NGen Worker Process"2⤵PID:2208
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 768 -InterruptEvent 76c -NGENProcess 6f8 -Pipe 754 -Comment "NGen Worker Process"2⤵PID:1652
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 76c -InterruptEvent 770 -NGENProcess 6fc -Pipe 758 -Comment "NGen Worker Process"2⤵PID:1164
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 770 -InterruptEvent 774 -NGENProcess 724 -Pipe 75c -Comment "NGen Worker Process"2⤵PID:2612
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 774 -InterruptEvent 778 -NGENProcess 6f8 -Pipe 760 -Comment "NGen Worker Process"2⤵PID:328
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 778 -InterruptEvent 77c -NGENProcess 6fc -Pipe 764 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1544
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 77c -InterruptEvent 780 -NGENProcess 724 -Pipe 768 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1924
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 780 -InterruptEvent 784 -NGENProcess 6f8 -Pipe 76c -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1236
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 784 -InterruptEvent 788 -NGENProcess 6fc -Pipe 770 -Comment "NGen Worker Process"2⤵PID:2676
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 788 -InterruptEvent 78c -NGENProcess 724 -Pipe 774 -Comment "NGen Worker Process"2⤵PID:1312
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 78c -InterruptEvent 790 -NGENProcess 6f8 -Pipe 778 -Comment "NGen Worker Process"2⤵PID:1756
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 790 -InterruptEvent 794 -NGENProcess 6fc -Pipe 77c -Comment "NGen Worker Process"2⤵PID:1212
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 794 -InterruptEvent 798 -NGENProcess 724 -Pipe 780 -Comment "NGen Worker Process"2⤵PID:1960
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 798 -InterruptEvent 79c -NGENProcess 6f8 -Pipe 784 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1740
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 79c -InterruptEvent 7a0 -NGENProcess 6fc -Pipe 788 -Comment "NGen Worker Process"2⤵PID:2540
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7a0 -InterruptEvent 7a4 -NGENProcess 724 -Pipe 78c -Comment "NGen Worker Process"2⤵PID:2476
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7a4 -InterruptEvent 7a8 -NGENProcess 6f8 -Pipe 790 -Comment "NGen Worker Process"2⤵PID:912
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7a8 -InterruptEvent 7ac -NGENProcess 6fc -Pipe 794 -Comment "NGen Worker Process"2⤵PID:1304
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7ac -InterruptEvent 7b0 -NGENProcess 724 -Pipe 798 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:936
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7b0 -InterruptEvent 7b4 -NGENProcess 6f8 -Pipe 79c -Comment "NGen Worker Process"2⤵PID:3056
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7b4 -InterruptEvent 7b8 -NGENProcess 6fc -Pipe 7a0 -Comment "NGen Worker Process"2⤵PID:2636
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7b8 -InterruptEvent 7bc -NGENProcess 724 -Pipe 7a4 -Comment "NGen Worker Process"2⤵PID:2192
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7bc -InterruptEvent 7c0 -NGENProcess 6f8 -Pipe 7a8 -Comment "NGen Worker Process"2⤵PID:1044
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7c0 -InterruptEvent 7c4 -NGENProcess 6fc -Pipe 7ac -Comment "NGen Worker Process"2⤵PID:2204
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7c4 -InterruptEvent 7c8 -NGENProcess 724 -Pipe 7b0 -Comment "NGen Worker Process"2⤵PID:2824
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7c8 -InterruptEvent 7cc -NGENProcess 6f8 -Pipe 7b4 -Comment "NGen Worker Process"2⤵PID:2784
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7cc -InterruptEvent 7d0 -NGENProcess 6fc -Pipe 7b8 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:1872
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7d4 -InterruptEvent 7d0 -NGENProcess 7cc -Pipe 724 -Comment "NGen Worker Process"2⤵PID:2028
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7d0 -InterruptEvent 7bc -NGENProcess 6fc -Pipe 7c0 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2564
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7bc -InterruptEvent 7dc -NGENProcess 7c8 -Pipe 710 -Comment "NGen Worker Process"2⤵PID:2444
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7dc -InterruptEvent 7e0 -NGENProcess 7cc -Pipe 7d8 -Comment "NGen Worker Process"2⤵PID:2940
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7e0 -InterruptEvent 7e4 -NGENProcess 6fc -Pipe 7c4 -Comment "NGen Worker Process"2⤵PID:328
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7e4 -InterruptEvent 7e8 -NGENProcess 7c8 -Pipe 7d4 -Comment "NGen Worker Process"2⤵PID:876
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7e8 -InterruptEvent 7ec -NGENProcess 7cc -Pipe 7d0 -Comment "NGen Worker Process"2⤵PID:532
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7ec -InterruptEvent 7f0 -NGENProcess 6fc -Pipe 7bc -Comment "NGen Worker Process"2⤵PID:1236
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7f0 -InterruptEvent 7f4 -NGENProcess 7c8 -Pipe 7dc -Comment "NGen Worker Process"2⤵PID:1788
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7f4 -InterruptEvent 7f8 -NGENProcess 7cc -Pipe 7e0 -Comment "NGen Worker Process"2⤵PID:1840
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7f8 -InterruptEvent 7fc -NGENProcess 6fc -Pipe 7e4 -Comment "NGen Worker Process"2⤵PID:1984
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7fc -InterruptEvent 804 -NGENProcess 7c8 -Pipe 7e8 -Comment "NGen Worker Process"2⤵PID:2636
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 804 -InterruptEvent 808 -NGENProcess 7cc -Pipe 7ec -Comment "NGen Worker Process"2⤵PID:564
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 808 -InterruptEvent 810 -NGENProcess 6fc -Pipe 80c -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2316
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 810 -InterruptEvent 814 -NGENProcess 6f8 -Pipe 7f0 -Comment "NGen Worker Process"2⤵PID:2704
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7cc -InterruptEvent 7c8 -NGENProcess 204 -Pipe 810 -Comment "NGen Worker Process"2⤵PID:2232
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7c8 -InterruptEvent 7f4 -NGENProcess 808 -Pipe 804 -Comment "NGen Worker Process"2⤵PID:2336
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7f4 -InterruptEvent 7fc -NGENProcess 818 -Pipe 6f8 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:944
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 7fc -InterruptEvent 81c -NGENProcess 204 -Pipe 814 -Comment "NGen Worker Process"2⤵PID:2028
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 81c -InterruptEvent 820 -NGENProcess 808 -Pipe 804 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2020
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 820 -InterruptEvent 824 -NGENProcess 818 -Pipe 7cc -Comment "NGen Worker Process"2⤵PID:1036
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 824 -InterruptEvent 828 -NGENProcess 204 -Pipe 7c8 -Comment "NGen Worker Process"2⤵PID:2200
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 828 -InterruptEvent 82c -NGENProcess 808 -Pipe 7f4 -Comment "NGen Worker Process"2⤵PID:3056
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 82c -InterruptEvent 830 -NGENProcess 818 -Pipe 7fc -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:2528
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 830 -InterruptEvent 834 -NGENProcess 204 -Pipe 81c -Comment "NGen Worker Process"2⤵PID:2704
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 834 -InterruptEvent 820 -NGENProcess 838 -Pipe 830 -Comment "NGen Worker Process"2⤵PID:1932
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 820 -InterruptEvent 83c -NGENProcess 818 -Pipe 824 -Comment "NGen Worker Process"2⤵PID:1704
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 83c -InterruptEvent 840 -NGENProcess 204 -Pipe 828 -Comment "NGen Worker Process"2⤵PID:1304
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 840 -InterruptEvent 844 -NGENProcess 838 -Pipe 82c -Comment "NGen Worker Process"2⤵PID:1648
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 844 -InterruptEvent 848 -NGENProcess 818 -Pipe 808 -Comment "NGen Worker Process"2⤵PID:2020
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 848 -InterruptEvent 84c -NGENProcess 204 -Pipe 834 -Comment "NGen Worker Process"2⤵PID:2228
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 84c -InterruptEvent 850 -NGENProcess 838 -Pipe 820 -Comment "NGen Worker Process"2⤵PID:2012
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 850 -InterruptEvent 854 -NGENProcess 818 -Pipe 83c -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:976
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 854 -InterruptEvent 858 -NGENProcess 204 -Pipe 840 -Comment "NGen Worker Process"2⤵PID:2756
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 858 -InterruptEvent 85c -NGENProcess 838 -Pipe 844 -Comment "NGen Worker Process"2⤵PID:876
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 85c -InterruptEvent 860 -NGENProcess 818 -Pipe 848 -Comment "NGen Worker Process"2⤵PID:1440
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 860 -InterruptEvent 864 -NGENProcess 204 -Pipe 84c -Comment "NGen Worker Process"2⤵PID:2616
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 864 -InterruptEvent 868 -NGENProcess 838 -Pipe 850 -Comment "NGen Worker Process"2⤵PID:1612
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 868 -InterruptEvent 86c -NGENProcess 818 -Pipe 854 -Comment "NGen Worker Process"2⤵PID:1756
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 86c -InterruptEvent 870 -NGENProcess 204 -Pipe 858 -Comment "NGen Worker Process"2⤵PID:772
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 870 -InterruptEvent 874 -NGENProcess 838 -Pipe 85c -Comment "NGen Worker Process"2⤵PID:1660
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 874 -InterruptEvent 878 -NGENProcess 818 -Pipe 860 -Comment "NGen Worker Process"2⤵PID:1380
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 878 -InterruptEvent 87c -NGENProcess 204 -Pipe 864 -Comment "NGen Worker Process"2⤵PID:2968
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 87c -InterruptEvent 880 -NGENProcess 838 -Pipe 868 -Comment "NGen Worker Process"2⤵PID:828
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 880 -InterruptEvent 884 -NGENProcess 818 -Pipe 86c -Comment "NGen Worker Process"2⤵PID:2904
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 884 -InterruptEvent 888 -NGENProcess 204 -Pipe 870 -Comment "NGen Worker Process"2⤵PID:2388
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 888 -InterruptEvent 88c -NGENProcess 838 -Pipe 874 -Comment "NGen Worker Process"2⤵PID:408
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 88c -InterruptEvent 890 -NGENProcess 818 -Pipe 878 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:336
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 890 -InterruptEvent 894 -NGENProcess 204 -Pipe 87c -Comment "NGen Worker Process"2⤵PID:2240
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 894 -InterruptEvent 898 -NGENProcess 838 -Pipe 880 -Comment "NGen Worker Process"2⤵PID:2644
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 898 -InterruptEvent 89c -NGENProcess 818 -Pipe 884 -Comment "NGen Worker Process"2⤵PID:2528
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 89c -InterruptEvent 8a0 -NGENProcess 204 -Pipe 888 -Comment "NGen Worker Process"2⤵PID:2916
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 8a0 -InterruptEvent 8a4 -NGENProcess 838 -Pipe 88c -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:976
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 8a4 -InterruptEvent 8a8 -NGENProcess 818 -Pipe 890 -Comment "NGen Worker Process"2⤵PID:1944
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 8a8 -InterruptEvent 8ac -NGENProcess 204 -Pipe 894 -Comment "NGen Worker Process"2⤵
- System Location Discovery: System Language Discovery
PID:876
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 8ac -InterruptEvent 8b0 -NGENProcess 838 -Pipe 898 -Comment "NGen Worker Process"2⤵PID:2564
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 8b0 -InterruptEvent 8b4 -NGENProcess 818 -Pipe 89c -Comment "NGen Worker Process"2⤵PID:1784
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 8b4 -InterruptEvent 8b8 -NGENProcess 204 -Pipe 8a0 -Comment "NGen Worker Process"2⤵PID:1212
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 8b8 -InterruptEvent 8bc -NGENProcess 838 -Pipe 8a4 -Comment "NGen Worker Process"2⤵PID:2076
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 8bc -InterruptEvent 8c0 -NGENProcess 818 -Pipe 8a8 -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:2764
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 8b8 -InterruptEvent 204 -NGENProcess 8ac -Pipe 8c4 -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:2480
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 8c0 -InterruptEvent 838 -NGENProcess 8a4 -Pipe 8c8 -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:1872
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:476 -
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1d0 -InterruptEvent 1bc -NGENProcess 1c0 -Pipe 1cc -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:752
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1c8 -InterruptEvent 234 -NGENProcess 23c -Pipe 240 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2612
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 26c -InterruptEvent 1ac -NGENProcess 250 -Pipe 268 -Comment "NGen Worker Process"2⤵PID:892
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1ac -InterruptEvent 2a4 -NGENProcess 274 -Pipe 2a0 -Comment "NGen Worker Process"2⤵PID:1688
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a4 -InterruptEvent 2a8 -NGENProcess 294 -Pipe 29c -Comment "NGen Worker Process"2⤵PID:1552
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a8 -InterruptEvent 2ac -NGENProcess 250 -Pipe 290 -Comment "NGen Worker Process"2⤵PID:2064
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2ac -InterruptEvent 2b0 -NGENProcess 274 -Pipe 264 -Comment "NGen Worker Process"2⤵PID:2204
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 250 -NGENProcess 274 -Pipe 2a4 -Comment "NGen Worker Process"2⤵PID:2052
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 250 -InterruptEvent 2bc -NGENProcess 2b4 -Pipe 2b8 -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:916
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c0 -InterruptEvent 2b0 -NGENProcess 2a8 -Pipe 2bc -Comment "NGen Worker Process"2⤵PID:2576
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 2c8 -NGENProcess 298 -Pipe 2c4 -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:1440
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 298 -NGENProcess 2c0 -Pipe 274 -Comment "NGen Worker Process"2⤵PID:1308
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 2d0 -NGENProcess 2a8 -Pipe 250 -Comment "NGen Worker Process"2⤵PID:1036
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 2a8 -NGENProcess 2c8 -Pipe 2cc -Comment "NGen Worker Process"2⤵PID:2424
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a8 -InterruptEvent 2d8 -NGENProcess 2c0 -Pipe 2b0 -Comment "NGen Worker Process"2⤵PID:1824
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 2c0 -NGENProcess 2d0 -Pipe 2d4 -Comment "NGen Worker Process"2⤵PID:1580
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c0 -InterruptEvent 2e0 -NGENProcess 2c8 -Pipe 298 -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:1492
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e0 -InterruptEvent 2c8 -NGENProcess 2d8 -Pipe 2dc -Comment "NGen Worker Process"2⤵PID:2444
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 2e8 -NGENProcess 2d0 -Pipe 2a8 -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:112
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 2d0 -NGENProcess 2e0 -Pipe 2e4 -Comment "NGen Worker Process"2⤵PID:2456
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 2f0 -NGENProcess 2d8 -Pipe 2c0 -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:772
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 2d8 -NGENProcess 2e8 -Pipe 2ec -Comment "NGen Worker Process"2⤵PID:2828
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 2f8 -NGENProcess 2e0 -Pipe 2c8 -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:1644
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 2e0 -NGENProcess 2f0 -Pipe 2f4 -Comment "NGen Worker Process"2⤵PID:852
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e0 -InterruptEvent 300 -NGENProcess 2e8 -Pipe 2d0 -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:2612
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 2e8 -NGENProcess 2f8 -Pipe 2fc -Comment "NGen Worker Process"2⤵PID:1704
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 308 -NGENProcess 2f0 -Pipe 2d8 -Comment "NGen Worker Process"2⤵PID:1784
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 2f0 -NGENProcess 300 -Pipe 304 -Comment "NGen Worker Process"2⤵PID:2064
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 310 -NGENProcess 2f8 -Pipe 2e0 -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:3056
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 310 -InterruptEvent 2f8 -NGENProcess 308 -Pipe 30c -Comment "NGen Worker Process"2⤵PID:1780
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 318 -NGENProcess 300 -Pipe 2e8 -Comment "NGen Worker Process"2⤵PID:2052
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 300 -NGENProcess 310 -Pipe 314 -Comment "NGen Worker Process"2⤵PID:2852
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 320 -NGENProcess 308 -Pipe 2f0 -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:2128
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 308 -NGENProcess 318 -Pipe 31c -Comment "NGen Worker Process"2⤵PID:2300
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 328 -NGENProcess 310 -Pipe 2f8 -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:1660
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 310 -NGENProcess 320 -Pipe 324 -Comment "NGen Worker Process"2⤵PID:2784
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 310 -InterruptEvent 330 -NGENProcess 318 -Pipe 300 -Comment "NGen Worker Process"2⤵PID:2424
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 330 -InterruptEvent 318 -NGENProcess 328 -Pipe 32c -Comment "NGen Worker Process"2⤵
- Drops file in System32 directory
PID:2612
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 338 -NGENProcess 320 -Pipe 308 -Comment "NGen Worker Process"2⤵PID:2096
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 338 -InterruptEvent 33c -NGENProcess 334 -Pipe 1ac -Comment "NGen Worker Process"2⤵PID:2312
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 33c -InterruptEvent 340 -NGENProcess 328 -Pipe 310 -Comment "NGen Worker Process"2⤵PID:620
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 344 -NGENProcess 320 -Pipe 26c -Comment "NGen Worker Process"2⤵PID:2528
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 348 -NGENProcess 334 -Pipe 330 -Comment "NGen Worker Process"2⤵PID:1044
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 348 -InterruptEvent 334 -NGENProcess 340 -Pipe 328 -Comment "NGen Worker Process"2⤵PID:3064
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 334 -InterruptEvent 340 -NGENProcess 318 -Pipe 320 -Comment "NGen Worker Process"2⤵PID:1436
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 354 -NGENProcess 34c -Pipe 33c -Comment "NGen Worker Process"2⤵PID:548
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 354 -InterruptEvent 34c -NGENProcess 334 -Pipe 350 -Comment "NGen Worker Process"2⤵PID:2576
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 34c -InterruptEvent 35c -NGENProcess 318 -Pipe 348 -Comment "NGen Worker Process"2⤵PID:2264
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 35c -InterruptEvent 360 -NGENProcess 358 -Pipe 338 -Comment "NGen Worker Process"2⤵PID:2200
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 360 -InterruptEvent 364 -NGENProcess 334 -Pipe 340 -Comment "NGen Worker Process"2⤵PID:1652
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 364 -InterruptEvent 368 -NGENProcess 318 -Pipe 344 -Comment "NGen Worker Process"2⤵PID:2916
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 368 -InterruptEvent 36c -NGENProcess 358 -Pipe 354 -Comment "NGen Worker Process"2⤵PID:2784
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 370 -NGENProcess 334 -Pipe 34c -Comment "NGen Worker Process"2⤵PID:944
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 370 -InterruptEvent 374 -NGENProcess 318 -Pipe 35c -Comment "NGen Worker Process"2⤵PID:1496
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 378 -NGENProcess 358 -Pipe 360 -Comment "NGen Worker Process"2⤵PID:1788
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 378 -InterruptEvent 37c -NGENProcess 334 -Pipe 364 -Comment "NGen Worker Process"2⤵PID:1740
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 380 -NGENProcess 318 -Pipe 368 -Comment "NGen Worker Process"2⤵PID:2984
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 380 -InterruptEvent 384 -NGENProcess 358 -Pipe 36c -Comment "NGen Worker Process"2⤵PID:1552
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 384 -InterruptEvent 388 -NGENProcess 334 -Pipe 370 -Comment "NGen Worker Process"2⤵PID:2744
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 38c -NGENProcess 318 -Pipe 374 -Comment "NGen Worker Process"2⤵PID:1924
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 38c -InterruptEvent 390 -NGENProcess 358 -Pipe 378 -Comment "NGen Worker Process"2⤵PID:1796
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 390 -InterruptEvent 394 -NGENProcess 334 -Pipe 37c -Comment "NGen Worker Process"2⤵PID:2672
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 398 -NGENProcess 318 -Pipe 380 -Comment "NGen Worker Process"2⤵PID:1044
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 398 -InterruptEvent 39c -NGENProcess 358 -Pipe 384 -Comment "NGen Worker Process"2⤵PID:2112
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 39c -InterruptEvent 3a0 -NGENProcess 334 -Pipe 388 -Comment "NGen Worker Process"2⤵PID:2080
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3a0 -InterruptEvent 3a4 -NGENProcess 318 -Pipe 38c -Comment "NGen Worker Process"2⤵PID:1788
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3a4 -InterruptEvent 3a8 -NGENProcess 358 -Pipe 390 -Comment "NGen Worker Process"2⤵PID:1080
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 3ac -NGENProcess 334 -Pipe 394 -Comment "NGen Worker Process"2⤵PID:336
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 3b0 -NGENProcess 3a8 -Pipe 3ac -Comment "NGen Worker Process"2⤵PID:1704
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b0 -InterruptEvent 3b4 -NGENProcess 358 -Pipe 39c -Comment "NGen Worker Process"2⤵
- Drops file in Windows directory
PID:2824
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 358 -NGENProcess 318 -Pipe 334 -Comment "NGen Worker Process"2⤵PID:620
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 358 -InterruptEvent 3bc -NGENProcess 3a8 -Pipe 3a4 -Comment "NGen Worker Process"2⤵PID:2704
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3bc -InterruptEvent 3c0 -NGENProcess 3b8 -Pipe 398 -Comment "NGen Worker Process"2⤵PID:2936
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3c0 -InterruptEvent 3c4 -NGENProcess 318 -Pipe 3b0 -Comment "NGen Worker Process"2⤵PID:1312
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3c4 -InterruptEvent 3c8 -NGENProcess 3a8 -Pipe 3a0 -Comment "NGen Worker Process"2⤵PID:2292
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3c8 -InterruptEvent 3cc -NGENProcess 3b8 -Pipe 3b4 -Comment "NGen Worker Process"2⤵PID:2552
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3cc -InterruptEvent 3d0 -NGENProcess 318 -Pipe 358 -Comment "NGen Worker Process"2⤵PID:2444
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 3d4 -NGENProcess 3a8 -Pipe 3bc -Comment "NGen Worker Process"2⤵PID:2780
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d4 -InterruptEvent 3d8 -NGENProcess 3b8 -Pipe 3c0 -Comment "NGen Worker Process"2⤵PID:1712
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 3dc -NGENProcess 318 -Pipe 3c4 -Comment "NGen Worker Process"2⤵PID:2120
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3dc -InterruptEvent 3e0 -NGENProcess 3a8 -Pipe 3c8 -Comment "NGen Worker Process"2⤵PID:2044
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3e0 -InterruptEvent 3e4 -NGENProcess 3b8 -Pipe 3cc -Comment "NGen Worker Process"2⤵PID:2736
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3e4 -InterruptEvent 3e8 -NGENProcess 318 -Pipe 3d0 -Comment "NGen Worker Process"2⤵PID:2876
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3e8 -InterruptEvent 3ec -NGENProcess 3a8 -Pipe 3d4 -Comment "NGen Worker Process"2⤵PID:2936
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3ec -InterruptEvent 3f0 -NGENProcess 3b8 -Pipe 3d8 -Comment "NGen Worker Process"2⤵PID:1164
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3f0 -InterruptEvent 3f4 -NGENProcess 318 -Pipe 3dc -Comment "NGen Worker Process"2⤵PID:2836
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3f4 -InterruptEvent 3f8 -NGENProcess 3a8 -Pipe 3e0 -Comment "NGen Worker Process"2⤵PID:2552
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3f8 -InterruptEvent 3fc -NGENProcess 3b8 -Pipe 3e4 -Comment "NGen Worker Process"2⤵PID:2592
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3fc -InterruptEvent 404 -NGENProcess 318 -Pipe 3e8 -Comment "NGen Worker Process"2⤵PID:2392
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 404 -InterruptEvent 408 -NGENProcess 3a8 -Pipe 3ec -Comment "NGen Worker Process"2⤵PID:1308
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 408 -InterruptEvent 40c -NGENProcess 3b8 -Pipe 3f0 -Comment "NGen Worker Process"2⤵PID:1952
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 40c -InterruptEvent 410 -NGENProcess 318 -Pipe 3f4 -Comment "NGen Worker Process"2⤵PID:2480
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 410 -InterruptEvent 414 -NGENProcess 3a8 -Pipe 3f8 -Comment "NGen Worker Process"2⤵PID:2784
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 414 -InterruptEvent 418 -NGENProcess 3b8 -Pipe 3fc -Comment "NGen Worker Process"2⤵PID:916
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 418 -InterruptEvent 41c -NGENProcess 318 -Pipe 404 -Comment "NGen Worker Process"2⤵PID:2080
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 41c -InterruptEvent 420 -NGENProcess 3a8 -Pipe 408 -Comment "NGen Worker Process"2⤵PID:2564
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 420 -InterruptEvent 424 -NGENProcess 3b8 -Pipe 40c -Comment "NGen Worker Process"2⤵PID:2192
-
-
C:\Windows\ehome\ehRecvr.exeC:\Windows\ehome\ehRecvr.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
PID:548
-
C:\Windows\ehome\ehsched.exeC:\Windows\ehome\ehsched.exe1⤵
- Executes dropped EXE
PID:324
-
C:\Windows\eHome\EhTray.exe"C:\Windows\eHome\EhTray.exe" /nav:-21⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2868
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
PID:2472
-
C:\Windows\system32\IEEtwCollector.exeC:\Windows\system32\IEEtwCollector.exe /V1⤵
- Executes dropped EXE
PID:2052
-
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE"C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1084
-
C:\Windows\ehome\ehRec.exeC:\Windows\ehome\ehRec.exe -Embedding1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:900
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2304
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:2164
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1608
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
PID:2560
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
PID:2992
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
PID:2160
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
PID:2948
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
PID:1752
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1416
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2500
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
PID:1096
-
C:\Program Files\Windows Media Player\wmpnetwk.exe"C:\Program Files\Windows Media Player\wmpnetwk.exe"1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1156
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2152 -
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:852
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 584 588 596 65536 5922⤵
- Modifies data under HKEY_USERS
PID:2876
-
Network
-
Remote address:8.8.8.8:53Requestpywolwnvd.bizIN AResponsepywolwnvd.bizIN A54.244.188.177
-
POSThttp://pywolwnvd.biz/clogjprwfbdwh2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exeRemote address:54.244.188.177:80RequestPOST /clogjprwfbdwh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 926
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:49:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ba14ac7b61d0ba3529319dbb805fb650|138.199.29.44|1727639348|1727639348|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestpywolwnvd.bizIN AResponsepywolwnvd.bizIN A54.244.188.177
-
Remote address:54.244.188.177:80RequestPOST /kqowfnobwv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:49:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4f0976615a1f498fbea02718396c4bab|138.199.29.44|1727639349|1727639349|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestssbzmoy.bizIN AResponsessbzmoy.bizIN A18.141.10.107
-
POSThttp://ssbzmoy.biz/tymlajgr2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exeRemote address:18.141.10.107:80RequestPOST /tymlajgr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 926
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:49:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=36ac16a2b1ab3a74d34100331451c1cd|138.199.29.44|1727639349|1727639349|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestssbzmoy.bizIN AResponsessbzmoy.bizIN A18.141.10.107
-
Remote address:18.141.10.107:80RequestPOST /s HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:49:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c16feb30b17fda06b94e946b38bef31d|138.199.29.44|1727639349|1727639349|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestcvgrf.bizIN AResponsecvgrf.bizIN A54.244.188.177
-
Remote address:8.8.8.8:53Requestcvgrf.bizIN AResponsecvgrf.bizIN A54.244.188.177
-
POSThttp://cvgrf.biz/fqtmindswrhwm2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exeRemote address:54.244.188.177:80RequestPOST /fqtmindswrhwm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 926
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:49:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=943b4f2c5741b8b42000d1e2e0941984|138.199.29.44|1727639350|1727639350|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:54.244.188.177:80RequestPOST /fqtmindswrhwm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:49:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a2c38be36efe96cc82cca14f087b30c7|138.199.29.44|1727639350|1727639350|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestnpukfztj.bizIN AResponsenpukfztj.bizIN A44.221.84.105
-
Remote address:8.8.8.8:53Requestnpukfztj.bizIN AResponsenpukfztj.bizIN A44.221.84.105
-
Remote address:44.221.84.105:80RequestPOST /npvx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:49:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6c08e2e395922e74cca5fe7df6948b11|138.199.29.44|1727639350|1727639350|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:44.221.84.105:80RequestPOST /npvx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 926
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:49:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9ae055bee70cdcf7fdfed66a57a4a2d1|138.199.29.44|1727639350|1727639350|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestprzvgke.bizIN AResponseprzvgke.bizIN A172.234.222.138przvgke.bizIN A172.234.222.143
-
Remote address:8.8.8.8:53Requestprzvgke.bizIN AResponseprzvgke.bizIN A172.234.222.138przvgke.bizIN A172.234.222.143
-
Remote address:172.234.222.138:80RequestPOST /umfuwhnusc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
-
POSThttp://przvgke.biz/mbconumlckgfpa2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exeRemote address:172.234.222.138:80RequestPOST /mbconumlckgfpa HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 926
-
Remote address:172.234.222.138:80RequestPOST /mvtdgboqgcrheyt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
-
POSThttp://przvgke.biz/xwvhvuxnoidsfbvk2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exeRemote address:172.234.222.138:80RequestPOST /xwvhvuxnoidsfbvk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 926
-
Remote address:8.8.8.8:53Requestzlenh.bizIN AResponse
-
Remote address:8.8.8.8:53Requestzlenh.bizIN AResponse
-
Remote address:8.8.8.8:53Requestknjghuig.bizIN AResponseknjghuig.bizIN A18.141.10.107
-
Remote address:8.8.8.8:53Requestknjghuig.bizIN AResponseknjghuig.bizIN A18.141.10.107
-
Remote address:18.141.10.107:80RequestPOST /uyqf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:49:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8dc840b94a76bde1cad9c3686e8dfe89|138.199.29.44|1727639352|1727639352|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
POSThttp://knjghuig.biz/monxjqhi2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exeRemote address:18.141.10.107:80RequestPOST /monxjqhi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 926
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:49:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0015f84820bd184fe12b5dd2972280b0|138.199.29.44|1727639352|1727639352|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestuhxqin.bizIN AResponse
-
Remote address:8.8.8.8:53Requestanpmnmxo.bizIN AResponse
-
Remote address:8.8.8.8:53Requestlpuegx.bizIN AResponselpuegx.bizIN A82.112.184.197
-
Remote address:8.8.8.8:53Requestuhxqin.bizIN AResponse
-
Remote address:8.8.8.8:53Requestanpmnmxo.bizIN AResponse
-
Remote address:8.8.8.8:53Requestlpuegx.bizIN AResponselpuegx.bizIN A82.112.184.197
-
Remote address:8.8.8.8:53Requestvjaxhpbji.bizIN AResponsevjaxhpbji.bizIN A82.112.184.197
-
Remote address:8.8.8.8:53Requestxlfhhhm.bizIN AResponsexlfhhhm.bizIN A47.129.31.212
-
Remote address:47.129.31.212:80RequestPOST /khasxn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xlfhhhm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f1d48a6de35eda3c90f9c459496a4590|138.199.29.44|1727639437|1727639437|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestifsaia.bizIN AResponseifsaia.bizIN A13.251.16.150
-
Remote address:13.251.16.150:80RequestPOST /sqpey HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a7388d088eb814f6fd20fadc9d627cca|138.199.29.44|1727639438|1727639438|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestsaytjshyf.bizIN AResponsesaytjshyf.bizIN A44.221.84.105
-
Remote address:44.221.84.105:80RequestPOST /ujwvlyxvqmpb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: saytjshyf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=42faa3a81157dde59cabe7c7b08e3620|138.199.29.44|1727639439|1727639439|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestvcddkls.bizIN AResponsevcddkls.bizIN A18.141.10.107
-
Remote address:18.141.10.107:80RequestPOST /mveekmr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vcddkls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e4e14b37c97d862c235abcd790131314|138.199.29.44|1727639439|1727639439|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestfwiwk.bizIN AResponsefwiwk.bizIN A172.234.222.138fwiwk.bizIN A172.234.222.143
-
Remote address:172.234.222.138:80RequestPOST /dvjrhaideklpr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
-
Remote address:172.234.222.138:80RequestPOST /pjvkoymgqiqugt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
-
Remote address:8.8.8.8:53Requesttbjrpv.bizIN AResponsetbjrpv.bizIN A34.246.200.160
-
Remote address:34.246.200.160:80RequestPOST /wgmhv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=99fb77ecb9acc687223bb38af8b05e02|138.199.29.44|1727639440|1727639440|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestdeoci.bizIN AResponsedeoci.bizIN A18.208.156.248
-
Remote address:18.208.156.248:80RequestPOST /bpifsvqhv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: deoci.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=eb94c0304ac112111068613187909995|138.199.29.44|1727639441|1727639441|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestgytujflc.bizIN AResponsegytujflc.bizIN A208.100.26.245
-
Remote address:208.100.26.245:80RequestPOST /jtavacegivlrxyys HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 404 Not Found
Date: Sun, 29 Sep 2024 19:50:41 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
-
Remote address:208.100.26.245:80RequestPOST /tegk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 404 Not Found
Date: Sun, 29 Sep 2024 19:50:41 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
-
Remote address:208.100.26.245:80RequestPOST /j HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 404 Not Found
Date: Sun, 29 Sep 2024 19:50:45 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
-
Remote address:208.100.26.245:80RequestPOST /wihqtwqrqf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 404 Not Found
Date: Sun, 29 Sep 2024 19:50:45 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
-
Remote address:208.100.26.245:80RequestPOST /lidilil HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 404 Not Found
Date: Sun, 29 Sep 2024 19:51:07 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
-
Remote address:208.100.26.245:80RequestPOST /ymmdhxayijwuuyms HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 404 Not Found
Date: Sun, 29 Sep 2024 19:51:08 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
-
Remote address:8.8.8.8:53Requestqaynky.bizIN AResponseqaynky.bizIN A13.251.16.150
-
Remote address:13.251.16.150:80RequestPOST /vc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qaynky.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e69707840e04c17e5dc0875f312fef02|138.199.29.44|1727639442|1727639442|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestbumxkqgxu.bizIN AResponsebumxkqgxu.bizIN A44.221.84.105
-
Remote address:44.221.84.105:80RequestPOST /acjtim HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bumxkqgxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=37ec8af09dbb1a221a605301d7fc020f|138.199.29.44|1727639443|1727639443|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestdwrqljrr.bizIN AResponsedwrqljrr.bizIN A54.244.188.177
-
Remote address:54.244.188.177:80RequestPOST /x HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dwrqljrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=45328b32a0370b2db5043520eaa2fb1d|138.199.29.44|1727639443|1727639443|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestnqwjmb.bizIN AResponsenqwjmb.bizIN A35.164.78.200
-
Remote address:35.164.78.200:80RequestPOST /gmrnnmqo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nqwjmb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3f081195f5c7d1e3dd2b7dcca46d4471|138.199.29.44|1727639444|1727639444|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestytctnunms.bizIN AResponseytctnunms.bizIN A3.94.10.34
-
Remote address:3.94.10.34:80RequestPOST /dkrvffendxiflp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ytctnunms.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=03e5e6d241e980112161c9061d1f842b|138.199.29.44|1727639444|1727639444|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestmyups.bizIN AResponsemyups.bizIN A165.160.15.20myups.bizIN A165.160.13.20
-
Remote address:165.160.15.20:80RequestPOST /kojlm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Content-Length: 94
-
Remote address:165.160.15.20:80RequestPOST /ygcdbiigahutt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Content-Length: 94
-
Remote address:8.8.8.8:53Requestoshhkdluh.bizIN AResponseoshhkdluh.bizIN A54.244.188.177
-
Remote address:54.244.188.177:80RequestPOST /bmxkqtmycv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oshhkdluh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=588f8d80a22b8d1785b8d09b453a9619|138.199.29.44|1727639445|1727639445|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestyunalwv.bizIN AResponseyunalwv.bizIN A208.100.26.245
-
Remote address:8.8.8.8:53Requestjpskm.bizIN AResponsejpskm.bizIN A34.211.97.45
-
Remote address:34.211.97.45:80RequestPOST /bwgfwbvriomp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jpskm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bb45e1983d994c02f08065d62ce3c56e|138.199.29.44|1727639446|1727639446|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestlrxdmhrr.bizIN AResponselrxdmhrr.bizIN A54.244.188.177
-
Remote address:54.244.188.177:80RequestPOST /wu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lrxdmhrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3581b1174d381f7de8f550c5a3330d7c|138.199.29.44|1727639446|1727639446|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestwllvnzb.bizIN AResponsewllvnzb.bizIN A18.141.10.107
-
Remote address:18.141.10.107:80RequestPOST /nstelcxd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wllvnzb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d24e879c41d41f89ead0f625f987453a|138.199.29.44|1727639447|1727639447|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestgnqgo.bizIN AResponsegnqgo.bizIN A18.208.156.248
-
Remote address:18.208.156.248:80RequestPOST /ocltjsnm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gnqgo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=323daa04e11dd739c8bf68bbd74491f5|138.199.29.44|1727639448|1727639448|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestjhvzpcfg.bizIN AResponsejhvzpcfg.bizIN A44.221.84.105
-
Remote address:44.221.84.105:80RequestPOST /kftnbgygfypyyd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jhvzpcfg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3d01d8dda77dece751ca8157cc35439c|138.199.29.44|1727639448|1727639448|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestacwjcqqv.bizIN AResponseacwjcqqv.bizIN A18.141.10.107
-
Remote address:18.141.10.107:80RequestPOST /qxyrqajy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: acwjcqqv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=87d384a99e6125d72c50d6548ee906eb|138.199.29.44|1727639449|1727639449|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestlejtdj.bizIN AResponse
-
Remote address:8.8.8.8:53Requestvyome.bizIN AResponsevyome.bizIN A44.213.104.86
-
Remote address:44.213.104.86:80RequestPOST /ffycennqeuprrmfb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vyome.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d2c5772e70164ea96ac38593340d8181|138.199.29.44|1727639450|1727639450|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestyauexmxk.bizIN AResponseyauexmxk.bizIN A18.208.156.248
-
Remote address:18.208.156.248:80RequestPOST /mjjysui HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yauexmxk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=af27eac19e28dabac559dd0e03116c2b|138.199.29.44|1727639450|1727639450|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestiuzpxe.bizIN AResponseiuzpxe.bizIN A13.251.16.150
-
Remote address:13.251.16.150:80RequestPOST /imslkispnhfd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: iuzpxe.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f77033273821d77d099646aed0b9116a|138.199.29.44|1727639451|1727639451|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestsxmiywsfv.bizIN AResponsesxmiywsfv.bizIN A13.251.16.150
-
Remote address:13.251.16.150:80RequestPOST /lfyc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sxmiywsfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=797a51a1e0a5b561db23d3b4ec16d0bd|138.199.29.44|1727639452|1727639452|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestvrrazpdh.bizIN AResponsevrrazpdh.bizIN A34.211.97.45
-
Remote address:34.211.97.45:80RequestPOST /utcaggfslvh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vrrazpdh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7b876a865d47268f338035cf130ddbce|138.199.29.44|1727639452|1727639452|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestftxlah.bizIN AResponseftxlah.bizIN A47.129.31.212
-
Remote address:47.129.31.212:80RequestPOST /sdntvmvekqitsp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ftxlah.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=14cad9d53b4cbf239845bb19e594bfbb|138.199.29.44|1727639453|1727639453|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requesttypgfhb.bizIN AResponsetypgfhb.bizIN A13.251.16.150
-
Remote address:13.251.16.150:80RequestPOST /xekdshulb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: typgfhb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=18664345d9f7de23efbd90c345300073|138.199.29.44|1727639454|1727639454|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestesuzf.bizIN AResponseesuzf.bizIN A34.211.97.45
-
Remote address:34.211.97.45:80RequestPOST /nuapbfbpx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=214cd626c7fe8c09ee10c21d6cfa10bb|138.199.29.44|1727639455|1727639455|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestgvijgjwkh.bizIN AResponsegvijgjwkh.bizIN A3.94.10.34
-
Remote address:3.94.10.34:80RequestPOST /vsbcarqtobedbdtn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8aea93ec50ec43dcb18659fcad462dd4|138.199.29.44|1727639455|1727639455|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestqpnczch.bizIN AResponseqpnczch.bizIN A44.213.104.86
-
Remote address:44.213.104.86:80RequestPOST /dplroy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=131d217a5b6c4487cbbe1950e4ec105a|138.199.29.44|1727639455|1727639455|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestbrsua.bizIN AResponsebrsua.bizIN A3.254.94.185
-
Remote address:3.254.94.185:80RequestPOST /qiqdxrvkivgnxuxd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: brsua.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f9c6e891d233901558fb187bf7de8793|138.199.29.44|1727639456|1727639456|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestdlynankz.bizIN AResponsedlynankz.bizIN A85.214.228.140
-
Remote address:85.214.228.140:80RequestPOST /owl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 404 Not Found
Date: Sun, 29 Sep 2024 19:50:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
-
Remote address:8.8.8.8:53Requestoflybfv.bizIN AResponseoflybfv.bizIN A47.129.31.212
-
Remote address:47.129.31.212:80RequestPOST /hlik HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oflybfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c078cb2202a7db1916d651b158ba29a4|138.199.29.44|1727639457|1727639457|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestyhqqc.bizIN AResponseyhqqc.bizIN A34.211.97.45
-
Remote address:34.211.97.45:80RequestPOST /jepbukmjkml HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yhqqc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=725f3f2a69725e787ec7d89cd92ce77b|138.199.29.44|1727639457|1727639457|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestmnjmhp.bizIN AResponsemnjmhp.bizIN A47.129.31.212
-
Remote address:47.129.31.212:80RequestPOST /rd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=dd396ef4e78af4d2f3d220e6abbd6120|138.199.29.44|1727639458|1727639458|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestopowhhece.bizIN AResponseopowhhece.bizIN A18.208.156.248
-
Remote address:18.208.156.248:80RequestPOST /buwbqeswr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d1ed353d50eebf44366eaf18416fb8ba|138.199.29.44|1727639458|1727639458|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestzjbpaao.bizIN AResponse
-
Remote address:8.8.8.8:53Requestjdhhbs.bizIN AResponsejdhhbs.bizIN A13.251.16.150
-
Remote address:13.251.16.150:80RequestPOST /qytvdmefsmuolk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jdhhbs.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:50:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=12f0d8d1ae05d0e8447b29271afda180|138.199.29.44|1727639459|1727639459|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestmgmsclkyu.bizIN AResponsemgmsclkyu.bizIN A34.246.200.160
-
Remote address:34.246.200.160:80RequestPOST /c HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mgmsclkyu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=63d9fbc11f8b13a174277c49bcfef0b1|138.199.29.44|1727639460|1727639460|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestwarkcdu.bizIN AResponsewarkcdu.bizIN A18.141.10.107
-
Remote address:18.141.10.107:80RequestPOST /ppavanksamf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: warkcdu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9eb81748ec12d48713b64c0058fcdb76|138.199.29.44|1727639461|1727639461|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestgcedd.bizIN AResponsegcedd.bizIN A13.251.16.150
-
Remote address:13.251.16.150:80RequestPOST /ki HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gcedd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=60d3d9a3cec5ae188e06fdf23c05cef7|138.199.29.44|1727639462|1727639462|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestjwkoeoqns.bizIN AResponsejwkoeoqns.bizIN A18.208.156.248
-
Remote address:18.208.156.248:80RequestPOST /ncoeqjjxw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jwkoeoqns.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8d8640c4bed682906e0c99c2744c3ca9|138.199.29.44|1727639462|1727639462|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestxccjj.bizIN AResponsexccjj.bizIN A44.213.104.86
-
Remote address:44.213.104.86:80RequestPOST /sut HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xccjj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=823b6803e93d708f4065263d9d249e88|138.199.29.44|1727639462|1727639462|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requesthehckyov.bizIN AResponsehehckyov.bizIN A44.221.84.105
-
Remote address:44.221.84.105:80RequestPOST /iregojooqg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hehckyov.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=03e6bda2f5bc77a51749abcf73c43df7|138.199.29.44|1727639463|1727639463|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestrynmcq.bizIN AResponserynmcq.bizIN A54.244.188.177
-
Remote address:54.244.188.177:80RequestPOST /pnvvdqcndmgbmetb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rynmcq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a3f87bb9cce699a8ea55b6815dad6b05|138.199.29.44|1727639463|1727639463|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestuaafd.bizIN AResponseuaafd.bizIN A3.254.94.185
-
Remote address:3.254.94.185:80RequestPOST /xmwhddr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uaafd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7ee25b8787fa0f7d88db7de2485a2843|138.199.29.44|1727639463|1727639463|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requesteufxebus.bizIN AResponseeufxebus.bizIN A18.141.10.107
-
Remote address:18.141.10.107:80RequestPOST /tpgtcqcrjwooy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: eufxebus.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=72e4df7aa43b6a6e4412686d0c3aa1d6|138.199.29.44|1727639464|1727639464|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestpwlqfu.bizIN AResponsepwlqfu.bizIN A34.246.200.160
-
Remote address:34.246.200.160:80RequestPOST /vjmk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pwlqfu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e69c229bd0ca1a799518482655c40f66|138.199.29.44|1727639465|1727639465|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestrrqafepng.bizIN AResponserrqafepng.bizIN A47.129.31.212
-
Remote address:47.129.31.212:80RequestPOST /rmvwgknhmf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rrqafepng.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b83b2f263ca76f04395f503445a34efd|138.199.29.44|1727639465|1727639465|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestctdtgwag.bizIN AResponsectdtgwag.bizIN A3.94.10.34
-
Remote address:3.94.10.34:80RequestPOST /ftms HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ctdtgwag.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=98d651ec08fe0dab8c3d4e3286091522|138.199.29.44|1727639466|1727639466|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requesttnevuluw.bizIN AResponsetnevuluw.bizIN A35.164.78.200
-
Remote address:35.164.78.200:80RequestPOST /mqwiohfodx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tnevuluw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ecc438ec893de372f03b1dd9e2b3734e|138.199.29.44|1727639466|1727639466|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestwhjovd.bizIN AResponsewhjovd.bizIN A18.141.10.107
-
Remote address:18.141.10.107:80RequestPOST /jvvqgblueobflmdn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: whjovd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ddd52668c4360245222823bbdae6c066|138.199.29.44|1727639467|1727639467|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestgjogvvpsf.bizIN AResponsegjogvvpsf.bizIN A208.100.26.245
-
Remote address:8.8.8.8:53Requestreczwga.bizIN AResponsereczwga.bizIN A44.221.84.105
-
Remote address:44.221.84.105:80RequestPOST /tluxaoyipkefsv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: reczwga.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1a50fa51a86e715dbf673556662aada1|138.199.29.44|1727639468|1727639468|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestbghjpy.bizIN AResponsebghjpy.bizIN A34.211.97.45
-
Remote address:34.211.97.45:80RequestPOST /geakipqt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bghjpy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5642781ab87e009683247fe8c5d4845c|138.199.29.44|1727639468|1727639468|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestdamcprvgv.bizIN AResponsedamcprvgv.bizIN A18.208.156.248
-
Remote address:18.208.156.248:80RequestPOST /ovcvpugenwrkdln HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: damcprvgv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b8c05ff6796719ca70e16cbbe5fe688c|138.199.29.44|1727639469|1727639469|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestocsvqjg.bizIN AResponseocsvqjg.bizIN A3.254.94.185
-
Remote address:3.254.94.185:80RequestPOST /vamlwc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ocsvqjg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d122e2b53b594c018d57c2a5edd4ae1b|138.199.29.44|1727639469|1727639469|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestywffr.bizIN AResponseywffr.bizIN A54.244.188.177
-
Remote address:54.244.188.177:80RequestPOST /sduxvoewwqo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ywffr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=676c428204895b586c37d039c6e44171|138.199.29.44|1727639469|1727639469|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestecxbwt.bizIN AResponseecxbwt.bizIN A54.244.188.177
-
Remote address:54.244.188.177:80RequestPOST /qmgqluuivfqgyc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ecxbwt.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4b52f4421f01397158d5a6d792c0cea5|138.199.29.44|1727639470|1727639470|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestpectx.bizIN AResponsepectx.bizIN A44.213.104.86
-
Remote address:44.213.104.86:80RequestPOST /ykhdk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pectx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=289ffede4b8d0c92dffe9b3c9e3523a7|138.199.29.44|1727639470|1727639470|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestzyiexezl.bizIN AResponsezyiexezl.bizIN A18.208.156.248
-
Remote address:18.208.156.248:80RequestPOST /fvnhbccetrescro HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zyiexezl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b1d1f849185416df4e719d50d98a07c4|138.199.29.44|1727639471|1727639471|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestbanwyw.bizIN AResponsebanwyw.bizIN A44.221.84.105
-
Remote address:44.221.84.105:80RequestPOST /bgvb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: banwyw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e60e65b29e6255ff1e4e24b0bd4c9347|138.199.29.44|1727639471|1727639471|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestmuapr.bizIN AResponse
-
Remote address:8.8.8.8:53Requestwxgzshna.bizIN AResponsewxgzshna.bizIN A72.52.178.23
-
Remote address:72.52.178.23:80RequestPOST /ubbgy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wxgzshna.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
-
Remote address:72.52.178.23:80RequestPOST /qejrxwbkcj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wxgzshna.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
-
Remote address:8.8.8.8:53Requestzrlssa.bizIN AResponsezrlssa.bizIN A44.221.84.105
-
Remote address:44.221.84.105:80RequestPOST /iqqav HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zrlssa.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f9ff68d1a3738e27fcb86f0068e8f405|138.199.29.44|1727639472|1727639472|0|1|0; path=/; domain=.zrlssa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestjlqltsjvh.bizIN AResponsejlqltsjvh.bizIN A18.141.10.107
-
Remote address:18.141.10.107:80RequestPOST /hcxqcepxouppvlsa HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jlqltsjvh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2743e94675b63c7cfd2f8e59349f9330|138.199.29.44|1727639473|1727639473|0|1|0; path=/; domain=.jlqltsjvh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestxyrgy.bizIN AResponsexyrgy.bizIN A18.208.156.248
-
Remote address:18.208.156.248:80RequestPOST /bmpgscfabvvixavj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xyrgy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fc1594681c647d5433703430149a87ba|138.199.29.44|1727639473|1727639473|0|1|0; path=/; domain=.xyrgy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requesthtwqzczce.bizIN AResponsehtwqzczce.bizIN A172.234.222.138htwqzczce.bizIN A172.234.222.143
-
Remote address:172.234.222.138:80RequestPOST /ofukjvwrie HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
-
Remote address:172.234.222.138:80RequestPOST /bsnejvbucch HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
-
Remote address:8.8.8.8:53Requestkvbjaur.bizIN AResponsekvbjaur.bizIN A54.244.188.177
-
Remote address:54.244.188.177:80RequestPOST /rfutpq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kvbjaur.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e6061e0343373f3c0fa8e5d6c711d9fd|138.199.29.44|1727639474|1727639474|0|1|0; path=/; domain=.kvbjaur.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestuphca.bizIN AResponseuphca.bizIN A44.221.84.105
-
Remote address:44.221.84.105:80RequestPOST /qoamxplex HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uphca.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e098f33af6a9da062100712606e48b7e|138.199.29.44|1727639475|1727639475|0|1|0; path=/; domain=.uphca.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestfjumtfnz.bizIN AResponsefjumtfnz.bizIN A34.211.97.45
-
Remote address:34.211.97.45:80RequestPOST /vgf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fjumtfnz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=63d07a57837c78fbec7fba49161edcc0|138.199.29.44|1727639475|1727639475|0|1|0; path=/; domain=.fjumtfnz.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requesthlzfuyy.bizIN AResponsehlzfuyy.bizIN A34.211.97.45
-
Remote address:34.211.97.45:80RequestPOST /dwdp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hlzfuyy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=234205cf60f3add143dd278b1a8ac3c7|138.199.29.44|1727639476|1727639476|0|1|0; path=/; domain=.hlzfuyy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestrffxu.bizIN AResponserffxu.bizIN A34.246.200.160
-
Remote address:34.246.200.160:80RequestPOST /yudflvxiic HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rffxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=54e24901ce77e052406ade1a0b95573d|138.199.29.44|1727639476|1727639476|0|1|0; path=/; domain=.rffxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestcikivjto.bizIN AResponsecikivjto.bizIN A44.213.104.86
-
Remote address:44.213.104.86:80RequestPOST /h HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cikivjto.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=371f8e49a8ebfe6b13d2986b89e8000b|138.199.29.44|1727639476|1727639476|0|1|0; path=/; domain=.cikivjto.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestqncdaagct.bizIN AResponseqncdaagct.bizIN A47.129.31.212
-
Remote address:47.129.31.212:80RequestPOST /ouxkhqfg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qncdaagct.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=64ea7d1926dda5c625b2754265426020|138.199.29.44|1727639477|1727639477|0|1|0; path=/; domain=.qncdaagct.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestshpwbsrw.bizIN AResponseshpwbsrw.bizIN A13.251.16.150
-
Remote address:13.251.16.150:80RequestPOST /nbkphuscoyy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: shpwbsrw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b150691a032409917e5aa7b3ed2c386a|138.199.29.44|1727639478|1727639478|0|1|0; path=/; domain=.shpwbsrw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestcjvgcl.bizIN AResponsecjvgcl.bizIN A18.208.156.248
-
Remote address:18.208.156.248:80RequestPOST /ayeknbgfhpdptb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cjvgcl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a4edd48cb935ac83c2ac9aa548962c31|138.199.29.44|1727639479|1727639479|0|1|0; path=/; domain=.cjvgcl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestneazudmrq.bizIN AResponseneazudmrq.bizIN A44.221.84.105
-
Remote address:44.221.84.105:80RequestPOST /vdtv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: neazudmrq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0ab7c8f142a0fdd7a042cbfee5aee321|138.199.29.44|1727639479|1727639479|0|1|0; path=/; domain=.neazudmrq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestpgfsvwx.bizIN AResponsepgfsvwx.bizIN A18.208.156.248
-
Remote address:18.208.156.248:80RequestPOST /kyelbumeqca HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pgfsvwx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=52a2c7aeb3395a9bfd58d0185944af4e|138.199.29.44|1727639479|1727639479|0|1|0; path=/; domain=.pgfsvwx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestaatcwo.bizIN AResponseaatcwo.bizIN A47.129.31.212
-
Remote address:47.129.31.212:80RequestPOST /qrjxj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: aatcwo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9f6225a2a28d06181d55d1c0808c4687|138.199.29.44|1727639480|1727639480|0|1|0; path=/; domain=.aatcwo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestkcyvxytog.bizIN AResponsekcyvxytog.bizIN A18.208.156.248
-
Remote address:18.208.156.248:80RequestPOST /cvtvfpp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kcyvxytog.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7624dbf5c586436f825ffa90261408f7|138.199.29.44|1727639481|1727639481|0|1|0; path=/; domain=.kcyvxytog.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestnwdnxrd.bizIN AResponsenwdnxrd.bizIN A54.244.188.177
-
Remote address:54.244.188.177:80RequestPOST /o HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nwdnxrd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=abdf342ad04ec5c8f2495a1d2ec2f2f7|138.199.29.44|1727639481|1727639481|0|1|0; path=/; domain=.nwdnxrd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestereplfx.bizIN AResponseereplfx.bizIN A44.213.104.86
-
Remote address:44.213.104.86:80RequestPOST /wnbnuvwj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ereplfx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=96a993041f3b7e7185d0659ab82211cd|138.199.29.44|1727639481|1727639481|0|1|0; path=/; domain=.ereplfx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestptrim.bizIN AResponseptrim.bizIN A18.141.10.107
-
Remote address:18.141.10.107:80RequestPOST /mqfohfqqrxkojb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ptrim.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a12b09471c7ba64715be2eeb2d399d2c|138.199.29.44|1727639482|1727639482|0|1|0; path=/; domain=.ptrim.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestznwbniskf.bizIN AResponseznwbniskf.bizIN A47.129.31.212
-
Remote address:47.129.31.212:80RequestPOST /icmym HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: znwbniskf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a7d1f2fd39d92f2e032fa7592719a83b|138.199.29.44|1727639483|1727639483|0|1|0; path=/; domain=.znwbniskf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestcpclnad.bizIN AResponsecpclnad.bizIN A44.221.84.105
-
Remote address:8.8.8.8:53Requestcpclnad.bizIN A
-
Remote address:44.221.84.105:80RequestPOST /hsagkwfvle HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cpclnad.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7606a005fc48352eb31fd4d02d7d2102|138.199.29.44|1727639485|1727639485|0|1|0; path=/; domain=.cpclnad.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestmjheo.bizIN AResponsemjheo.bizIN A44.221.84.105
-
Remote address:44.221.84.105:80RequestPOST /gect HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mjheo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=61bb57fc8d6ab5cfa470b886ab961de2|138.199.29.44|1727639485|1727639485|0|1|0; path=/; domain=.mjheo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestwluwplyh.bizIN AResponsewluwplyh.bizIN A18.141.10.107
-
Remote address:18.141.10.107:80RequestPOST /fpjjmhyktvimbbi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wluwplyh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=debe6685d221bf8fb834ef8d24c10832|138.199.29.44|1727639486|1727639486|0|1|0; path=/; domain=.wluwplyh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestzgapiej.bizIN AResponsezgapiej.bizIN A18.208.156.248
-
Remote address:18.208.156.248:80RequestPOST /ngyuuegoxqejkn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zgapiej.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a1dd74f6a6645b8d6b01edd9f91c2a91|138.199.29.44|1727639486|1727639486|0|1|0; path=/; domain=.zgapiej.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestjifai.bizIN AResponsejifai.bizIN A44.221.84.105
-
Remote address:44.221.84.105:80RequestPOST /jjh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jifai.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a9ea1d9aa451e046c232f8cd10b4f2c4|138.199.29.44|1727639487|1727639487|0|1|0; path=/; domain=.jifai.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestxnxvnn.bizIN AResponsexnxvnn.bizIN A13.251.16.150
-
Remote address:13.251.16.150:80RequestPOST /ivowsmlgrmfmyw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xnxvnn.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=89cfe6de5054ed220f8cf761ebaf1e31|138.199.29.44|1727639487|1727639487|0|1|0; path=/; domain=.xnxvnn.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestihcnogskt.bizIN AResponseihcnogskt.bizIN A35.164.78.200
-
Remote address:35.164.78.200:80RequestPOST /eovhf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ihcnogskt.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7cdfc7fbd2334a82e3e7275788b3662e|138.199.29.44|1727639488|1727639488|0|1|0; path=/; domain=.ihcnogskt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestkkqypycm.bizIN AResponsekkqypycm.bizIN A18.141.10.107
-
Remote address:18.141.10.107:80RequestPOST /lnwsegayhybo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kkqypycm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=396c3bb40dae6649295f8ad25af12865|138.199.29.44|1727639489|1727639489|0|1|0; path=/; domain=.kkqypycm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestuevrpr.bizIN AResponseuevrpr.bizIN A44.213.104.86
-
Remote address:44.213.104.86:80RequestPOST /oyek HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uevrpr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=99cacadbcb09e34da41012d5d91eb52e|138.199.29.44|1727639489|1727639489|0|1|0; path=/; domain=.uevrpr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestcrl.microsoft.comIN AResponsecrl.microsoft.comIN CNAMEcrl.www.ms.akadns.netcrl.www.ms.akadns.netIN CNAMEa1363.dscg.akamai.neta1363.dscg.akamai.netIN A2.19.117.22a1363.dscg.akamai.netIN A2.19.117.18
-
Remote address:2.19.117.22:80RequestGET /pki/crl/products/CSPCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 28 Feb 2009 02:01:22 GMT
If-None-Match: "0c55744899c91:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-MD5: om3LuUjaBeyK+XiF29FJsA==
Last-Modified: Thu, 02 Aug 2018 21:09:09 GMT
ETag: 0x8D5F8BC3066B2E2
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 391e2ae6-a01e-000d-31a7-088f64000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sun, 29 Sep 2024 19:51:29 GMT
Connection: keep-alive
-
Remote address:8.8.8.8:53Requestfgajqjyhr.bizIN AResponsefgajqjyhr.bizIN A34.211.97.45
-
Remote address:34.211.97.45:80RequestPOST /brjvaokymqxdn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fgajqjyhr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=16b04a32cc43c6726e0f534825844cc3|138.199.29.44|1727639490|1727639490|0|1|0; path=/; domain=.fgajqjyhr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requesthagujcj.bizIN AResponsehagujcj.bizIN A18.208.156.248
-
Remote address:18.208.156.248:80RequestPOST /kpx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hagujcj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f1bee2f6ed96731c9aba3fbb6e763ff7|138.199.29.44|1727639490|1727639490|0|1|0; path=/; domain=.hagujcj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestsctmku.bizIN AResponsesctmku.bizIN A35.164.78.200
-
Remote address:35.164.78.200:80RequestPOST /ascpqxrm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sctmku.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f41546708642e78e15e14c57ef56b698|138.199.29.44|1727639491|1727639491|0|1|0; path=/; domain=.sctmku.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestcwyfknmwh.bizIN AResponse
-
Remote address:8.8.8.8:53Requestqcrsp.bizIN AResponseqcrsp.bizIN A34.211.97.45
-
Remote address:34.211.97.45:80RequestPOST /lap HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qcrsp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=22f9d2000ddb59b83e58b13f2a0eb596|138.199.29.44|1727639491|1727639491|0|1|0; path=/; domain=.qcrsp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestsewlqwcd.bizIN AResponsesewlqwcd.bizIN A44.221.84.105
-
Remote address:44.221.84.105:80RequestPOST /ufetacjbx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sewlqwcd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9987a1f0b12878b7590da392981b0019|138.199.29.44|1727639492|1727639492|0|1|0; path=/; domain=.sewlqwcd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestdyjdrp.bizIN AResponsedyjdrp.bizIN A54.244.188.177
-
Remote address:54.244.188.177:80RequestPOST /iw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dyjdrp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
ResponseHTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 19:51:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=dd6045d0c4178f23441cbd84e981bcba|138.199.29.44|1727639492|1727639492|0|1|0; path=/; domain=.dyjdrp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address:8.8.8.8:53Requestnapws.bizIN AResponsenapws.bizIN A104.155.138.21napws.bizIN A107.178.223.183
-
Remote address:104.155.138.21:80RequestPOST /xuwwndixr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: napws.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 770
-
54.244.188.177:80http://pywolwnvd.biz/clogjprwfbdwhhttp2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe1.6kB 667 B 6 6
HTTP Request
POST http://pywolwnvd.biz/clogjprwfbdwhHTTP Response
200 -
1.4kB 659 B 6 6
HTTP Request
POST http://pywolwnvd.biz/kqowfnobwvHTTP Response
200 -
18.141.10.107:80http://ssbzmoy.biz/tymlajgrhttp2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe1.5kB 657 B 6 6
HTTP Request
POST http://ssbzmoy.biz/tymlajgrHTTP Response
200 -
1.4kB 665 B 6 6
HTTP Request
POST http://ssbzmoy.biz/sHTTP Response
200 -
54.244.188.177:80http://cvgrf.biz/fqtmindswrhwmhttp2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe1.6kB 655 B 6 6
HTTP Request
POST http://cvgrf.biz/fqtmindswrhwmHTTP Response
200 -
1.4kB 655 B 6 6
HTTP Request
POST http://cvgrf.biz/fqtmindswrhwmHTTP Response
200 -
1.4kB 658 B 6 6
HTTP Request
POST http://npukfztj.biz/npvxHTTP Response
200 -
44.221.84.105:80http://npukfztj.biz/npvxhttp2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe1.5kB 658 B 6 6
HTTP Request
POST http://npukfztj.biz/npvxHTTP Response
200 -
1.4kB 204 B 6 5
HTTP Request
POST http://przvgke.biz/umfuwhnusc -
172.234.222.138:80http://przvgke.biz/mbconumlckgfpahttp2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe1.6kB 204 B 6 5
HTTP Request
POST http://przvgke.biz/mbconumlckgfpa -
1.4kB 204 B 6 5
HTTP Request
POST http://przvgke.biz/mvtdgboqgcrheyt -
172.234.222.138:80http://przvgke.biz/xwvhvuxnoidsfbvkhttp2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe1.6kB 212 B 6 5
HTTP Request
POST http://przvgke.biz/xwvhvuxnoidsfbvk -
1.4kB 666 B 6 6
HTTP Request
POST http://knjghuig.biz/uyqfHTTP Response
200 -
18.141.10.107:80http://knjghuig.biz/monxjqhihttp2b0dd7486f83051c7a109d367dbc2307692dccb8a5bb358a97cd70cea76b1116.exe1.5kB 666 B 6 6
HTTP Request
POST http://knjghuig.biz/monxjqhiHTTP Response
200 -
52 B 1
-
152 B 3
-
144 B 3
-
152 B 3
-
152 B 3
-
1.4kB 657 B 6 6
HTTP Request
POST http://xlfhhhm.biz/khasxnHTTP Response
200 -
1.4kB 656 B 6 6
HTTP Request
POST http://ifsaia.biz/sqpeyHTTP Response
200 -
1.4kB 667 B 6 6
HTTP Request
POST http://saytjshyf.biz/ujwvlyxvqmpbHTTP Response
200 -
1.4kB 657 B 6 6
HTTP Request
POST http://vcddkls.biz/mveekmrHTTP Response
200 -
1.4kB 164 B 6 4
HTTP Request
POST http://fwiwk.biz/dvjrhaideklpr -
1.4kB 164 B 6 4
HTTP Request
POST http://fwiwk.biz/pjvkoymgqiqugt -
1.4kB 664 B 6 6
HTTP Request
POST http://tbjrpv.biz/wgmhvHTTP Response
200 -
1.4kB 655 B 6 6
HTTP Request
POST http://deoci.biz/bpifsvqhvHTTP Response
200 -
7.5kB 5.0kB 17 14
HTTP Request
POST http://gytujflc.biz/jtavacegivlrxyysHTTP Response
404HTTP Request
POST http://gytujflc.biz/tegkHTTP Response
404HTTP Request
POST http://yunalwv.biz/jHTTP Response
404HTTP Request
POST http://yunalwv.biz/wihqtwqrqfHTTP Response
404HTTP Request
POST http://gjogvvpsf.biz/lidililHTTP Response
404HTTP Request
POST http://gjogvvpsf.biz/ymmdhxayijwuuymsHTTP Response
404 -
1.4kB 664 B 6 6
HTTP Request
POST http://qaynky.biz/vcHTTP Response
200 -
1.4kB 667 B 6 6
HTTP Request
POST http://bumxkqgxu.biz/acjtimHTTP Response
200 -
1.4kB 666 B 6 6
HTTP Request
POST http://dwrqljrr.biz/xHTTP Response
200 -
1.4kB 664 B 6 6
HTTP Request
POST http://nqwjmb.biz/gmrnnmqoHTTP Response
200 -
1.4kB 667 B 6 6
HTTP Request
POST http://ytctnunms.biz/dkrvffendxiflpHTTP Response
200 -
2.6kB 708 B 9 9
HTTP Request
POST http://myups.biz/kojlmHTTP Response
200HTTP Request
POST http://myups.biz/ygcdbiigahuttHTTP Response
200 -
1.4kB 659 B 6 6
HTTP Request
POST http://oshhkdluh.biz/bmxkqtmycvHTTP Response
200 -
1.4kB 663 B 6 6
HTTP Request
POST http://jpskm.biz/bwgfwbvriompHTTP Response
200 -
1.4kB 658 B 6 6
HTTP Request
POST http://lrxdmhrr.biz/wuHTTP Response
200 -
1.4kB 657 B 6 6
HTTP Request
POST http://wllvnzb.biz/nstelcxdHTTP Response
200 -
1.4kB 663 B 6 6
HTTP Request
POST http://gnqgo.biz/ocltjsnmHTTP Response
200 -
1.4kB 666 B 6 6
HTTP Request
POST http://jhvzpcfg.biz/kftnbgygfypyydHTTP Response
200 -
1.4kB 666 B 6 6
HTTP Request
POST http://acwjcqqv.biz/qxyrqajyHTTP Response
200 -
1.4kB 655 B 5 6
HTTP Request
POST http://vyome.biz/ffycennqeuprrmfbHTTP Response
200 -
1.4kB 658 B 6 6
HTTP Request
POST http://yauexmxk.biz/mjjysuiHTTP Response
200 -
1.4kB 664 B 6 6
HTTP Request
POST http://iuzpxe.biz/imslkispnhfdHTTP Response
200 -
1.4kB 667 B 6 6
HTTP Request
POST http://sxmiywsfv.biz/lfycHTTP Response
200 -
1.4kB 666 B 6 6
HTTP Request
POST http://vrrazpdh.biz/utcaggfslvhHTTP Response
200 -
1.4kB 656 B 6 6
HTTP Request
POST http://ftxlah.biz/sdntvmvekqitspHTTP Response
200 -
1.4kB 665 B 6 6
HTTP Request
POST http://typgfhb.biz/xekdshulbHTTP Response
200 -
1.4kB 663 B 6 6
HTTP Request
POST http://esuzf.biz/nuapbfbpxHTTP Response
200 -
1.4kB 667 B 6 6
HTTP Request
POST http://gvijgjwkh.biz/vsbcarqtobedbdtnHTTP Response
200 -
1.4kB 657 B 6 6
HTTP Request
POST http://qpnczch.biz/dplroyHTTP Response
200 -
1.4kB 655 B 6 6
HTTP Request
POST http://brsua.biz/qiqdxrvkivgnxuxdHTTP Response
200 -
1.3kB 378 B 5 5
HTTP Request
POST http://dlynankz.biz/owlHTTP Response
404 -
1.4kB 657 B 6 6
HTTP Request
POST http://oflybfv.biz/hlikHTTP Response
200 -
1.4kB 663 B 6 6
HTTP Request
POST http://yhqqc.biz/jepbukmjkmlHTTP Response
200 -
1.4kB 664 B 6 6
HTTP Request
POST http://mnjmhp.biz/rdHTTP Response
200 -
1.4kB 659 B 6 6
HTTP Request
POST http://opowhhece.biz/buwbqeswrHTTP Response
200 -
1.4kB 664 B 6 6
HTTP Request
POST http://jdhhbs.biz/qytvdmefsmuolkHTTP Response
200 -
1.4kB 667 B 6 6
HTTP Request
POST http://mgmsclkyu.biz/cHTTP Response
200 -
1.4kB 657 B 6 6
HTTP Request
POST http://warkcdu.biz/ppavanksamfHTTP Response
200 -
1.4kB 663 B 6 6
HTTP Request
POST http://gcedd.biz/kiHTTP Response
200 -
1.4kB 659 B 6 6
HTTP Request
POST http://jwkoeoqns.biz/ncoeqjjxwHTTP Response
200 -
1.4kB 655 B 6 6
HTTP Request
POST http://xccjj.biz/sutHTTP Response
200 -
1.4kB 666 B 6 6
HTTP Request
POST http://hehckyov.biz/iregojooqgHTTP Response
200 -
1.4kB 664 B 6 6
HTTP Request
POST http://rynmcq.biz/pnvvdqcndmgbmetbHTTP Response
200 -
1.4kB 655 B 6 6
HTTP Request
POST http://uaafd.biz/xmwhddrHTTP Response
200 -
1.4kB 658 B 6 6
HTTP Request
POST http://eufxebus.biz/tpgtcqcrjwooyHTTP Response
200 -
1.4kB 656 B 6 6
HTTP Request
POST http://pwlqfu.biz/vjmkHTTP Response
200 -
1.4kB 659 B 6 6
HTTP Request
POST http://rrqafepng.biz/rmvwgknhmfHTTP Response
200 -
1.4kB 666 B 6 6
HTTP Request
POST http://ctdtgwag.biz/ftmsHTTP Response
200 -
1.4kB 658 B 6 6
HTTP Request
POST http://tnevuluw.biz/mqwiohfodxHTTP Response
200 -
1.4kB 664 B 6 6
HTTP Request
POST http://whjovd.biz/jvvqgblueobflmdnHTTP Response
200 -
1.4kB 665 B 6 6
HTTP Request
POST http://reczwga.biz/tluxaoyipkefsvHTTP Response
200 -
1.4kB 664 B 6 6
HTTP Request
POST http://bghjpy.biz/geakipqtHTTP Response
200 -
1.4kB 667 B 6 6
HTTP Request
POST http://damcprvgv.biz/ovcvpugenwrkdlnHTTP Response
200 -
1.4kB 657 B 6 6
HTTP Request
POST http://ocsvqjg.biz/vamlwcHTTP Response
200 -
1.4kB 655 B 6 6
HTTP Request
POST http://ywffr.biz/sduxvoewwqoHTTP Response
200 -
1.4kB 656 B 6 6
HTTP Request
POST http://ecxbwt.biz/qmgqluuivfqgycHTTP Response
200 -
1.4kB 655 B 6 6
HTTP Request
POST http://pectx.biz/ykhdkHTTP Response
200 -
1.4kB 658 B 6 6
HTTP Request
POST http://zyiexezl.biz/fvnhbccetrescroHTTP Response
200 -
1.4kB 664 B 6 6
HTTP Request
POST http://banwyw.biz/bgvbHTTP Response
200 -
1.4kB 252 B 6 6
HTTP Request
POST http://wxgzshna.biz/ubbgy -
1.3kB 172 B 4 4
HTTP Request
POST http://wxgzshna.biz/qejrxwbkcj -
1.4kB 656 B 6 6
HTTP Request
POST http://zrlssa.biz/iqqavHTTP Response
200 -
1.4kB 659 B 6 6
HTTP Request
POST http://jlqltsjvh.biz/hcxqcepxouppvlsaHTTP Response
200 -
1.4kB 663 B 6 6
HTTP Request
POST http://xyrgy.biz/bmpgscfabvvixavjHTTP Response
200 -
1.4kB 204 B 6 5
HTTP Request
POST http://htwqzczce.biz/ofukjvwrie -
1.4kB 164 B 6 4
HTTP Request
POST http://htwqzczce.biz/bsnejvbucch -
1.4kB 657 B 6 6
HTTP Request
POST http://kvbjaur.biz/rfutpqHTTP Response
200 -
1.3kB 655 B 5 6
HTTP Request
POST http://uphca.biz/qoamxplexHTTP Response
200 -
1.4kB 666 B 6 6
HTTP Request
POST http://fjumtfnz.biz/vgfHTTP Response
200 -
1.4kB 665 B 6 6
HTTP Request
POST http://hlzfuyy.biz/dwdpHTTP Response
200 -
1.4kB 663 B 6 6
HTTP Request
POST http://rffxu.biz/yudflvxiicHTTP Response
200 -
1.4kB 658 B 6 6
HTTP Request
POST http://cikivjto.biz/hHTTP Response
200 -
1.4kB 659 B 6 6
HTTP Request
POST http://qncdaagct.biz/ouxkhqfgHTTP Response
200 -
1.4kB 658 B 6 6
HTTP Request
POST http://shpwbsrw.biz/nbkphuscoyyHTTP Response
200 -
1.4kB 656 B 6 6
HTTP Request
POST http://cjvgcl.biz/ayeknbgfhpdptbHTTP Response
200 -
1.4kB 667 B 6 6
HTTP Request
POST http://neazudmrq.biz/vdtvHTTP Response
200 -
1.4kB 665 B 6 6
HTTP Request
POST http://pgfsvwx.biz/kyelbumeqcaHTTP Response
200 -
1.4kB 664 B 6 6
HTTP Request
POST http://aatcwo.biz/qrjxjHTTP Response
200 -
1.4kB 667 B 6 6
HTTP Request
POST http://kcyvxytog.biz/cvtvfppHTTP Response
200 -
1.4kB 665 B 6 6
HTTP Request
POST http://nwdnxrd.biz/oHTTP Response
200 -
1.4kB 657 B 6 6
HTTP Request
POST http://ereplfx.biz/wnbnuvwjHTTP Response
200 -
1.4kB 655 B 6 6
HTTP Request
POST http://ptrim.biz/mqfohfqqrxkojbHTTP Response
200 -
1.5kB 707 B 8 7
HTTP Request
POST http://znwbniskf.biz/icmymHTTP Response
200 -
1.4kB 665 B 6 6
HTTP Request
POST http://cpclnad.biz/hsagkwfvleHTTP Response
200 -
1.4kB 663 B 6 6
HTTP Request
POST http://mjheo.biz/gectHTTP Response
200 -
1.4kB 658 B 6 6
HTTP Request
POST http://wluwplyh.biz/fpjjmhyktvimbbiHTTP Response
200 -
1.4kB 657 B 6 6
HTTP Request
POST http://zgapiej.biz/ngyuuegoxqejknHTTP Response
200 -
1.4kB 663 B 6 6
HTTP Request
POST http://jifai.biz/jjhHTTP Response
200 -
1.4kB 664 B 6 6
HTTP Request
POST http://xnxvnn.biz/ivowsmlgrmfmywHTTP Response
200 -
1.4kB 659 B 6 6
HTTP Request
POST http://ihcnogskt.biz/eovhfHTTP Response
200 -
1.4kB 658 B 6 6
HTTP Request
POST http://kkqypycm.biz/lnwsegayhyboHTTP Response
200 -
1.4kB 656 B 6 6
HTTP Request
POST http://uevrpr.biz/oyekHTTP Response
200 -
457 B 1.1kB 5 3
HTTP Request
GET http://crl.microsoft.com/pki/crl/products/CSPCA.crlHTTP Response
200 -
1.4kB 667 B 6 6
HTTP Request
POST http://fgajqjyhr.biz/brjvaokymqxdnHTTP Response
200 -
1.4kB 657 B 6 6
HTTP Request
POST http://hagujcj.biz/kpxHTTP Response
200 -
1.4kB 656 B 6 6
HTTP Request
POST http://sctmku.biz/ascpqxrmHTTP Response
200 -
1.4kB 663 B 6 6
HTTP Request
POST http://qcrsp.biz/lapHTTP Response
200 -
1.4kB 666 B 6 6
HTTP Request
POST http://sewlqwcd.biz/ufetacjbxHTTP Response
200 -
1.4kB 656 B 6 6
HTTP Request
POST http://dyjdrp.biz/iwHTTP Response
200 -
1.3kB 132 B 4 3
HTTP Request
POST http://napws.biz/xuwwndixr
-
59 B 75 B 1 1
DNS Request
pywolwnvd.biz
DNS Response
54.244.188.177
-
59 B 75 B 1 1
DNS Request
pywolwnvd.biz
DNS Response
54.244.188.177
-
57 B 73 B 1 1
DNS Request
ssbzmoy.biz
DNS Response
18.141.10.107
-
57 B 73 B 1 1
DNS Request
ssbzmoy.biz
DNS Response
18.141.10.107
-
55 B 71 B 1 1
DNS Request
cvgrf.biz
DNS Response
54.244.188.177
-
55 B 71 B 1 1
DNS Request
cvgrf.biz
DNS Response
54.244.188.177
-
58 B 74 B 1 1
DNS Request
npukfztj.biz
DNS Response
44.221.84.105
-
58 B 74 B 1 1
DNS Request
npukfztj.biz
DNS Response
44.221.84.105
-
57 B 89 B 1 1
DNS Request
przvgke.biz
DNS Response
172.234.222.138172.234.222.143
-
57 B 89 B 1 1
DNS Request
przvgke.biz
DNS Response
172.234.222.138172.234.222.143
-
55 B 117 B 1 1
DNS Request
zlenh.biz
-
55 B 117 B 1 1
DNS Request
zlenh.biz
-
58 B 74 B 1 1
DNS Request
knjghuig.biz
DNS Response
18.141.10.107
-
58 B 74 B 1 1
DNS Request
knjghuig.biz
DNS Response
18.141.10.107
-
56 B 118 B 1 1
DNS Request
uhxqin.biz
-
58 B 120 B 1 1
DNS Request
anpmnmxo.biz
-
56 B 72 B 1 1
DNS Request
lpuegx.biz
DNS Response
82.112.184.197
-
56 B 118 B 1 1
DNS Request
uhxqin.biz
-
58 B 120 B 1 1
DNS Request
anpmnmxo.biz
-
56 B 72 B 1 1
DNS Request
lpuegx.biz
DNS Response
82.112.184.197
-
59 B 75 B 1 1
DNS Request
vjaxhpbji.biz
DNS Response
82.112.184.197
-
57 B 73 B 1 1
DNS Request
xlfhhhm.biz
DNS Response
47.129.31.212
-
56 B 72 B 1 1
DNS Request
ifsaia.biz
DNS Response
13.251.16.150
-
59 B 75 B 1 1
DNS Request
saytjshyf.biz
DNS Response
44.221.84.105
-
57 B 73 B 1 1
DNS Request
vcddkls.biz
DNS Response
18.141.10.107
-
55 B 87 B 1 1
DNS Request
fwiwk.biz
DNS Response
172.234.222.138172.234.222.143
-
56 B 72 B 1 1
DNS Request
tbjrpv.biz
DNS Response
34.246.200.160
-
55 B 71 B 1 1
DNS Request
deoci.biz
DNS Response
18.208.156.248
-
58 B 74 B 1 1
DNS Request
gytujflc.biz
DNS Response
208.100.26.245
-
56 B 72 B 1 1
DNS Request
qaynky.biz
DNS Response
13.251.16.150
-
59 B 75 B 1 1
DNS Request
bumxkqgxu.biz
DNS Response
44.221.84.105
-
58 B 74 B 1 1
DNS Request
dwrqljrr.biz
DNS Response
54.244.188.177
-
56 B 72 B 1 1
DNS Request
nqwjmb.biz
DNS Response
35.164.78.200
-
59 B 75 B 1 1
DNS Request
ytctnunms.biz
DNS Response
3.94.10.34
-
55 B 87 B 1 1
DNS Request
myups.biz
DNS Response
165.160.15.20165.160.13.20
-
59 B 75 B 1 1
DNS Request
oshhkdluh.biz
DNS Response
54.244.188.177
-
57 B 73 B 1 1
DNS Request
yunalwv.biz
DNS Response
208.100.26.245
-
55 B 71 B 1 1
DNS Request
jpskm.biz
DNS Response
34.211.97.45
-
58 B 74 B 1 1
DNS Request
lrxdmhrr.biz
DNS Response
54.244.188.177
-
57 B 73 B 1 1
DNS Request
wllvnzb.biz
DNS Response
18.141.10.107
-
55 B 71 B 1 1
DNS Request
gnqgo.biz
DNS Response
18.208.156.248
-
58 B 74 B 1 1
DNS Request
jhvzpcfg.biz
DNS Response
44.221.84.105
-
58 B 74 B 1 1
DNS Request
acwjcqqv.biz
DNS Response
18.141.10.107
-
56 B 118 B 1 1
DNS Request
lejtdj.biz
-
55 B 71 B 1 1
DNS Request
vyome.biz
DNS Response
44.213.104.86
-
58 B 74 B 1 1
DNS Request
yauexmxk.biz
DNS Response
18.208.156.248
-
56 B 72 B 1 1
DNS Request
iuzpxe.biz
DNS Response
13.251.16.150
-
59 B 75 B 1 1
DNS Request
sxmiywsfv.biz
DNS Response
13.251.16.150
-
58 B 74 B 1 1
DNS Request
vrrazpdh.biz
DNS Response
34.211.97.45
-
56 B 72 B 1 1
DNS Request
ftxlah.biz
DNS Response
47.129.31.212
-
57 B 73 B 1 1
DNS Request
typgfhb.biz
DNS Response
13.251.16.150
-
55 B 71 B 1 1
DNS Request
esuzf.biz
DNS Response
34.211.97.45
-
59 B 75 B 1 1
DNS Request
gvijgjwkh.biz
DNS Response
3.94.10.34
-
57 B 73 B 1 1
DNS Request
qpnczch.biz
DNS Response
44.213.104.86
-
55 B 71 B 1 1
DNS Request
brsua.biz
DNS Response
3.254.94.185
-
58 B 74 B 1 1
DNS Request
dlynankz.biz
DNS Response
85.214.228.140
-
57 B 73 B 1 1
DNS Request
oflybfv.biz
DNS Response
47.129.31.212
-
55 B 71 B 1 1
DNS Request
yhqqc.biz
DNS Response
34.211.97.45
-
56 B 72 B 1 1
DNS Request
mnjmhp.biz
DNS Response
47.129.31.212
-
59 B 75 B 1 1
DNS Request
opowhhece.biz
DNS Response
18.208.156.248
-
57 B 119 B 1 1
DNS Request
zjbpaao.biz
-
56 B 72 B 1 1
DNS Request
jdhhbs.biz
DNS Response
13.251.16.150
-
59 B 75 B 1 1
DNS Request
mgmsclkyu.biz
DNS Response
34.246.200.160
-
57 B 73 B 1 1
DNS Request
warkcdu.biz
DNS Response
18.141.10.107
-
55 B 71 B 1 1
DNS Request
gcedd.biz
DNS Response
13.251.16.150
-
59 B 75 B 1 1
DNS Request
jwkoeoqns.biz
DNS Response
18.208.156.248
-
55 B 71 B 1 1
DNS Request
xccjj.biz
DNS Response
44.213.104.86
-
58 B 74 B 1 1
DNS Request
hehckyov.biz
DNS Response
44.221.84.105
-
56 B 72 B 1 1
DNS Request
rynmcq.biz
DNS Response
54.244.188.177
-
55 B 71 B 1 1
DNS Request
uaafd.biz
DNS Response
3.254.94.185
-
58 B 74 B 1 1
DNS Request
eufxebus.biz
DNS Response
18.141.10.107
-
56 B 72 B 1 1
DNS Request
pwlqfu.biz
DNS Response
34.246.200.160
-
59 B 75 B 1 1
DNS Request
rrqafepng.biz
DNS Response
47.129.31.212
-
58 B 74 B 1 1
DNS Request
ctdtgwag.biz
DNS Response
3.94.10.34
-
58 B 74 B 1 1
DNS Request
tnevuluw.biz
DNS Response
35.164.78.200
-
56 B 72 B 1 1
DNS Request
whjovd.biz
DNS Response
18.141.10.107
-
59 B 75 B 1 1
DNS Request
gjogvvpsf.biz
DNS Response
208.100.26.245
-
57 B 73 B 1 1
DNS Request
reczwga.biz
DNS Response
44.221.84.105
-
56 B 72 B 1 1
DNS Request
bghjpy.biz
DNS Response
34.211.97.45
-
59 B 75 B 1 1
DNS Request
damcprvgv.biz
DNS Response
18.208.156.248
-
57 B 73 B 1 1
DNS Request
ocsvqjg.biz
DNS Response
3.254.94.185
-
55 B 71 B 1 1
DNS Request
ywffr.biz
DNS Response
54.244.188.177
-
56 B 72 B 1 1
DNS Request
ecxbwt.biz
DNS Response
54.244.188.177
-
55 B 71 B 1 1
DNS Request
pectx.biz
DNS Response
44.213.104.86
-
58 B 74 B 1 1
DNS Request
zyiexezl.biz
DNS Response
18.208.156.248
-
56 B 72 B 1 1
DNS Request
banwyw.biz
DNS Response
44.221.84.105
-
55 B 117 B 1 1
DNS Request
muapr.biz
-
58 B 74 B 1 1
DNS Request
wxgzshna.biz
DNS Response
72.52.178.23
-
56 B 72 B 1 1
DNS Request
zrlssa.biz
DNS Response
44.221.84.105
-
59 B 75 B 1 1
DNS Request
jlqltsjvh.biz
DNS Response
18.141.10.107
-
55 B 71 B 1 1
DNS Request
xyrgy.biz
DNS Response
18.208.156.248
-
59 B 91 B 1 1
DNS Request
htwqzczce.biz
DNS Response
172.234.222.138172.234.222.143
-
57 B 73 B 1 1
DNS Request
kvbjaur.biz
DNS Response
54.244.188.177
-
55 B 71 B 1 1
DNS Request
uphca.biz
DNS Response
44.221.84.105
-
58 B 74 B 1 1
DNS Request
fjumtfnz.biz
DNS Response
34.211.97.45
-
57 B 73 B 1 1
DNS Request
hlzfuyy.biz
DNS Response
34.211.97.45
-
55 B 71 B 1 1
DNS Request
rffxu.biz
DNS Response
34.246.200.160
-
58 B 74 B 1 1
DNS Request
cikivjto.biz
DNS Response
44.213.104.86
-
59 B 75 B 1 1
DNS Request
qncdaagct.biz
DNS Response
47.129.31.212
-
58 B 74 B 1 1
DNS Request
shpwbsrw.biz
DNS Response
13.251.16.150
-
56 B 72 B 1 1
DNS Request
cjvgcl.biz
DNS Response
18.208.156.248
-
59 B 75 B 1 1
DNS Request
neazudmrq.biz
DNS Response
44.221.84.105
-
57 B 73 B 1 1
DNS Request
pgfsvwx.biz
DNS Response
18.208.156.248
-
56 B 72 B 1 1
DNS Request
aatcwo.biz
DNS Response
47.129.31.212
-
59 B 75 B 1 1
DNS Request
kcyvxytog.biz
DNS Response
18.208.156.248
-
57 B 73 B 1 1
DNS Request
nwdnxrd.biz
DNS Response
54.244.188.177
-
57 B 73 B 1 1
DNS Request
ereplfx.biz
DNS Response
44.213.104.86
-
55 B 71 B 1 1
DNS Request
ptrim.biz
DNS Response
18.141.10.107
-
59 B 75 B 1 1
DNS Request
znwbniskf.biz
DNS Response
47.129.31.212
-
114 B 73 B 2 1
DNS Request
cpclnad.biz
DNS Request
cpclnad.biz
DNS Response
44.221.84.105
-
55 B 71 B 1 1
DNS Request
mjheo.biz
DNS Response
44.221.84.105
-
58 B 74 B 1 1
DNS Request
wluwplyh.biz
DNS Response
18.141.10.107
-
57 B 73 B 1 1
DNS Request
zgapiej.biz
DNS Response
18.208.156.248
-
55 B 71 B 1 1
DNS Request
jifai.biz
DNS Response
44.221.84.105
-
56 B 72 B 1 1
DNS Request
xnxvnn.biz
DNS Response
13.251.16.150
-
59 B 75 B 1 1
DNS Request
ihcnogskt.biz
DNS Response
35.164.78.200
-
58 B 74 B 1 1
DNS Request
kkqypycm.biz
DNS Response
18.141.10.107
-
56 B 72 B 1 1
DNS Request
uevrpr.biz
DNS Response
44.213.104.86
-
63 B 162 B 1 1
DNS Request
crl.microsoft.com
DNS Response
2.19.117.222.19.117.18
-
59 B 75 B 1 1
DNS Request
fgajqjyhr.biz
DNS Response
34.211.97.45
-
57 B 73 B 1 1
DNS Request
hagujcj.biz
DNS Response
18.208.156.248
-
56 B 72 B 1 1
DNS Request
sctmku.biz
DNS Response
35.164.78.200
-
59 B 121 B 1 1
DNS Request
cwyfknmwh.biz
-
55 B 71 B 1 1
DNS Request
qcrsp.biz
DNS Response
34.211.97.45
-
58 B 74 B 1 1
DNS Request
sewlqwcd.biz
DNS Response
44.221.84.105
-
56 B 72 B 1 1
DNS Request
dyjdrp.biz
DNS Response
54.244.188.177
-
55 B 87 B 1 1
DNS Request
napws.biz
DNS Response
104.155.138.21107.178.223.183
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.2MB
MD57c889226e10f43c3db9af4e079140150
SHA1bae6718060345005ea473ed2239ccccd367cf019
SHA2569e00cd052452e3f84ba3a1fb86b4a9fe7642a469ec7ef91e578dc0be7895cfa0
SHA512f38e223c322a139e4dadc71038d88f55879ac69bf5425fa023d723467ce01a41e136088c86614bc4283d7eefbe628f77d8e737879ed861b58eeb31e5b20a2c3b
-
Filesize
1.6MB
MD57656a9ffb3482400b62647ca8773b95e
SHA1a665ad368144521f16c6f7c4bc222de5b749e665
SHA25657c8c6f3d4fc8c2f55a05c9b9ca45cf00c4e4ad6e9bf530b720dbee7b83a3803
SHA5122b0e18e1ff97089057850f441ac3f6f69286b70dc56f84505940b8abf542922619ceb243f9d0a30489b910f8fa2d004c5da77d27d9b05a913014ddab12176a57
-
Filesize
1.3MB
MD524f65d1728582069f98de2bfa8baafb9
SHA1091c1e1f3b069243e29432c28efa6e750efbbb49
SHA256d6cf436d826eb89ea33ce5a745970cdfa0960e96fc34804be265aea8e86fe8e2
SHA512e29297bc9b621e71ab9afe2691bebbcabd9a3f56c3d6b2238971276ed563306dc974eba1e63ff57327450bd03efbf4d81b426dc10fd13ec2bcf4d5b2b12b03ff
-
Filesize
1.6MB
MD59a3af332868872b85c96adb25a44208e
SHA1d0443d1d0c54de4e686d16dc408be1477c9b7c1d
SHA256a96f5da9529b221b13f51c97df5d8b9ffc01e02fecf0fd65d6d748620319c8d7
SHA512f5b8b9b04ea6fce88dd166dd98c93874302bda7e7767a34e040a264abb0ecce34d4d806f4cf7ffb605ff3da15d715693b1a351944c371b03cb0a75dd851757d2
-
Filesize
1.2MB
MD530c4bf89e37a8cd4d55951246dab3b23
SHA1c7cd196a34fbdf35494f9d2f501efe47bc7f4e88
SHA25680bc4a95ad84da2f9d181d55ecccd05c6ebbac424900b841c986717aa30ff562
SHA512cc5d52b4e055237768afc4e15fed418446f89c61fb38fde458b0d8f44f6b310577309143b5ab685c8d4e10624e00ea9a0b0e521e0e7a41c24ea76566a15e7953
-
Filesize
30.1MB
MD5111b597088a36cc423acc6a98831a649
SHA13fa53572490f1591a393031e76ffc07e12a3bc43
SHA2561f3adc44fcd2e73e626592d724ff1e10b8ac66dee60d9d8d894a396710bfcba8
SHA5122ffe0fac7ed17943a556bf86d7acbb71d2e5f3f94d66fbfc6f56ba7f7756f79bebd94baac64410562259e1e4ac70544a7ec915e09c87e38f28fcd277c9c68efa
-
Filesize
1.3MB
MD5b07dedb3e48bd81d0295ae74332644cc
SHA1f333142cc47f7824e2f652014475a5ad85de8549
SHA2564a18b997c75163b94704050a57a1d6e57720095e25fc1bf22c3f8ffc1f602637
SHA512c71ed695be6a39d11ee35fee035cbeacf43c4d0d4b5db159465b349d3d2f69b7d741f2f1978e8a929273b74a69abc7c387fcee03681ebbcad7ab2edc9ad70f61
-
Filesize
1.6MB
MD5d2f5d9c1925025230473e3ab9c6a43c9
SHA1fd35c2a3448f493923cbff2a059c3b6b9a356c40
SHA256c87c0305c7b312f08e65a2aed00d0ff71e9b4a9a2367a2572bd665432201cab1
SHA5124682d23a48935ead95eac3888e804bb36ac76f25a788e3991c0fbb01aca54b9483393db90688ff552e6017e641203a2d5be532ba909f5566cd2a845384693641
-
Filesize
1.5MB
MD5fe2390e451afcc0210dc629cece23e9a
SHA1b38e2218b19143b4a47ad311e1c8bd568d247343
SHA256772e748c158aa6b8dbbce12d5bfb5df779e0e1862b142cf63a2ab11d1382d89c
SHA51249769d9a6656e135b3290e2bd448af7658a0f0be5b824295b78537534b34232f57dea6594763f7dc9d36528591d5b360aace694e023e334447ee963e9b1924fe
-
Filesize
1.2MB
MD5112448fb413e0e124759debafde0ae5c
SHA19f34072a8905d3d50a881ed3609482ff844fed48
SHA256143dccb4b906020cfe1a86f9101232b2ff35e5db40d59fcaf7d8ef982a217467
SHA512fc56126425f78cc82770a3540392fbab34ee43a9326a879d9769c838297b9702fdb40b9517e6dc5194e76395d571f37513585b4bcfb3c9fa19aab96e2511bd82
-
Filesize
1.1MB
MD554dcafe985913b33c648094c089140d8
SHA1325ed39e7aedbdf8b0cb0a46b8afd2b23f4e8066
SHA256cb5d3d50da50b53cd7ff2119f5fa034767c68c8fa42a67ced3ca1dba46abb6ea
SHA512110aeed2d3e4291de51bdbd27df0c213012cdf2e01cf49153795e998a277642ae352ac0777f9b42b47f18ce891ce559ba6905fd21a0c42a74c23b8aa314aa599
-
Filesize
4.8MB
MD5b421a37a9a3ff649b7d91304448f4486
SHA1d8747710fbcdd55ec219d13c76edfd9fe8b06c0c
SHA25657eb71fc80c52bbbb6e92c41a8fe828ae1a95af20a862064faf46c739078e2e1
SHA51252fd3cbd6ea77322e36cf84993977df59eccaa0a1342ae09985940fd773143def16b91d27c9d1f0597259390813e0b4646201839f566c8c5fb4655994aef6287
-
Filesize
4.8MB
MD5e6836412328a5722996e5372b2c26c23
SHA111af2299680e2ddfdf2e97d0489a8bb17703f44e
SHA256b3deba828a10e71deb33cca1afa2c173419d8f917b5d11770f3471fc071eeef0
SHA5125630d11e61136afa9ad961990584cd5b71bd8024c966b939ae0a1d0730a114e03927ddf2f8ebd41b07abba7fd140357a11f2626b93ed0675506cd48dd184d88c
-
Filesize
2.2MB
MD5332bed9fa24eaabf7d471c92bb6236fd
SHA1158d3ac0a48e3a4ee331333ff9a6d50d5d8fbf3f
SHA2560f51b3767140946669bfc88f6dd58a70dfe354e42d7914a91c77a6123b505706
SHA5129dd992ccaa46d57ceb4574593a37a337656a4a8b59f8fa17d453f70ba1654a41b0257261590895b26cb430413dab1f0ae5bc8f5ebfc4fcfca0659b150e6c6124
-
Filesize
2.1MB
MD5df433a3f01cc9bad45aab343863c402f
SHA1aefebaee2b62aac58754ce79388a32f7e8b3a149
SHA2564b39cfdab3cf8a18df7e308add2224d75950f8c413c950a9c867fb6873686114
SHA512feaa0a805bedad76517280069bba70183f58aafec784f590c23cc9c772df4859cf1a7eccc392180bfe68f5c7d45d9f105fccd8a6394a66f30ad46f1696007100
-
Filesize
1.8MB
MD55fc9a421da62eb55013d93ac0d39ecc4
SHA1d5bb60c5a59b44f058f824ed010bb6180037550b
SHA256a32b2a4dbf759c2841ea5344bc89aa983d2bbe510c3e081d8e67e6341e8f97a4
SHA51293b1fc2c6434e4233619c376b55330ccd170333cbce144c26b93844c7e4f832878c0c06e829caf5357e9baaee34faf93da0c1b9e2be981bea76970618fdc5795
-
Filesize
1.5MB
MD52732e892683f86d87560f279f4e8c206
SHA1db514e3a1542fa29f00e5e9d9c0a6fc283f6785f
SHA256ce7b0d7b6469513780c0b7d7fa6d94c91ffdf8a8e027cbe8c7b9c77b2a0f92c8
SHA51238a14ee458429805ecceb28d4c3f1f3294676994a41896aa35f2897dce9b65c7e930da8e0621027f6bbec9a65c15013f2f8a1e5a17dbc0579fd67eec9547ca10
-
Filesize
1.1MB
MD5d68b5424b2ed529e76f0aa042e70bb7c
SHA14b28c2187a7df550f0ebf1da9309ada2f327f90a
SHA256b4e8d82e54f740021f12bc05d0d1733f24ecb31eb2a0dc9cfee9e5d1bc5c85e6
SHA5129041d7ab79415c30a41606e6b583f16d06529910fd1d2483f988e39720f3736f12049097ae9bec99e001163ae5ca7e77eb824f24b7de888e35b938e831543834
-
Filesize
1.1MB
MD5cc0947574b8eece47b13c7e259396847
SHA1c4cc6234a31fec48072ee2728e8ef0fd7334e680
SHA25667fca24c78ea8dd5eb2a24200f9cd763c9d3356fa0f3b56b156cb3ad40712398
SHA512fec615a1a27cfa767fd922f52eb82374b5f9a81f18ae2a229709bf14bc00ca091f9e25223b9b2f3c188de1450aa5a8a00308f333d2fedeb3551239a84a42fac7
-
Filesize
1.1MB
MD57b59bc42f6013071b516a4f62aa17e51
SHA1cb9b338c9eebd359cfa309dfa1c7b645e4dde118
SHA2567ec0a39420f53951962ced729115d8ebf6911d63afb6a9423ea1b0a8ab4f8d62
SHA51294d6a2ed8ea7afcdb2df594f52a9319122af4c73aaf5edd20d690830426b152e852ccf05c6b272a3be47f34029801ed0468d28f177ade4787bd6414bc5dcfb74
-
Filesize
1.1MB
MD5f332c7ca92005df27176a580cd19b521
SHA190aa584d161664daf36ce9a7ba8eeb9cee2a87d7
SHA256603d4879c1665c4e217e67d970692cad21c20374788a63b001c6efb60c48187a
SHA512fcbae3a5b25c8d0aa907e614595fcb6d861e1b6dcefccc5b601955407517e4317bd1e56bd21928e65d2e45a06b4e90d428472002ff11443b94bfb998e07c5aba
-
Filesize
1.1MB
MD5f521c3e6f6f123bf79dc37ff4b17fe8c
SHA19d5c68d8f3ab38565c18e3820e2406d44c1a5051
SHA2568f93d8fb70d3025fb0fc9f6bba20d93f6a0b053d337ab15f2a68204d59a5480d
SHA51207dabccb6c52689d663d84fa32b5eb6ceb919e429f15602fd1b4a87322b6e3afd5781f3251df5f9142e374cd0167873357d6201eeb17185aabf20c130b8cd796
-
Filesize
1024KB
MD5a966de0604a7629db060cb5c0f8810c4
SHA110c6832e2b1f3d1c4b04e61d76daaf79dd2422ce
SHA2561a39ff3da1df5c90c9b2f9a96318f4db749eff0bfb53d49612e49da4f2678059
SHA512c7d6ef34acf66b6c54f8b1db25e269cd780f4d40200203efde4488db62f40cf860f4f4dfb7c9a1b8015ee107768bd8ef35754b006757119e3281db7b8591b316
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b91050d8b077a4e8.customDestinations-ms
Filesize24B
MD5b9bd716de6739e51c620f2086f9c31e4
SHA19733d94607a3cba277e567af584510edd9febf62
SHA2567116ff028244a01f3d17f1d3bc2e1506bc9999c2e40e388458f0cccc4e117312
SHA512cef609e54c7a81a646ad38dba7ac0b82401b220773b9c792cefac80c6564753229f0c011b34ffb56381dd3154a19aee2bf5f602c4d1af01f2cf0fbc1574e4478
-
Filesize
872KB
MD5ffed75d9c5858b6ce52fa855e59d51db
SHA1c0f0a1c15f513b8f1cc701232c49fd2f11e05fb2
SHA2569b7f03432ceba7ad4176621bf237aded1a47cd33acdccd6017a28ae9d806c06c
SHA5127aeca64c7d447bd01c830b50fb5f9043dd968fe55e77f6d5fcd686e255a6ab9be2c2c15ebc0d6eca46988c4e51f3d37fef252f2386ab9826285cd13c5c056306
-
Filesize
1.2MB
MD54c1023a8f923662667a19db39795567c
SHA1544ac82968cda28756dd058677709c5e7c775d2f
SHA256e8d9f474a3db8e033f656be71028ba023476b0016f8ccc00259895377573c32a
SHA512cbd8c955794c13ea54abb2089228834ef084d639b8fdfc1b0ea7b860f7864071eb1060f3cb6287cd0d4025061afd027fbc3a7ab9ee2de77f9c2074c4c41ed367
-
Filesize
8KB
MD5a403cf19d7076be15159eed38486ba07
SHA1fd57c9106a3f6e06d1354bca33d94555f7298c4a
SHA2564527d674c74f4c6e327c80899658b4918398d6e2474ae990d7ba940504508d23
SHA5122f2d5d4f88d50248371907fdcd5f5786e3052270808326153271756fd8ee39260398ad0f4ccbc286bb87908437dd2858191eb990b0c13bd9f82194b6ee08fdf1
-
Filesize
1.1MB
MD5038f829132729d0f7125e4af4621a4dc
SHA10e6b4e34528eb5a9e181a510d20097010652a99f
SHA2562a041ee87adbc3de4fa24e96baf42cd88b59a2829aa95314f81c5a8bc4becb9f
SHA5123cd80cd1d3ed945540ec64c61998273beb51d0bb79c55fb38ddb0c3d47dabc6191b4994a55a4985b648c92a07b56400130be2dfb2066b7f6bbffce2437b4269e
-
Filesize
1003KB
MD509536c600748c0a5b5f662d5d4bf0615
SHA174804bd1f5abd6cbd8a41e570b607efc3c060e6b
SHA2568f91f5245c360d59fc511328c1e9106451e5b46b6c5373633ccc5f557b308220
SHA512e96ba2688d269c970df58b9cbf6a1d1ea4fd09dc0c2a407a8f84fd848dd1ecc8bb9ea91e8f588b8d5d6b79b930041c890e9ce8d5ea94ace6fcf1aa0099e17335
-
Filesize
1.2MB
MD56ac7149db6ff94fbb7f7152744a39fde
SHA1e3d371d9fbe37437c7850fa31bbff2029345c0e6
SHA25636953b4a701a77f1c257162876a9023b8237cd3255ec55951abc8f772e5d39c3
SHA5120acd08654d4c8d284c24c29a7adaaa577da89b22f13ea5012daa4ceb1d1eea8c4792ae8c8216aac6d84b9913bbe39d8f3899e92a55eb1438024131a4e1922726
-
Filesize
8KB
MD554f6a796161b6bbebcd4374fee5c0fe9
SHA1c6f8c4878603680d4048c07ddb30e106ae5d332d
SHA256a71f4bf33591e4bc632148d14df98540a1d8256aca0112a0a5d21492b2d8dca0
SHA5128d5cef96c9f4ef045291b8093a461480366e4a82f6390322f377c21f0c6f5e4b02ad21ef6ff114ffad18b98a9fbd447d3fb90829bd92a7c7d449f1b749f6afc2
-
Filesize
1.1MB
MD5b67c522b21b687eaa18e77326db09ee2
SHA151c9814b9d956f5d96970c19581050abccab1896
SHA256131e7610ffba1230dbec44178c2a3180d5ead6b58602975db79319c71fb394cf
SHA512d8ef4ea0fd5b334b61345f993801515b84bbbf9bfc09e7b12fd3e7f57b7d12b375e1657ecdaf1258fd31c3090b597c5bc8dd8e5b04c8d5131715dcc4e5a1c4dd
-
Filesize
1.1MB
MD54d0196b1595d5e3a19fae5c374b7a57e
SHA136946b56c966db777c8414be1af940641b88c8c2
SHA256c288acbf4500e4e63944945f3e8c9b2d8ae4f95640bee2da7d0394f6f679c005
SHA5123b807145d064ac8b1a7f3296da790a6ebf938d01950a1243470be60e47cc2f94cadb9d99a3c93d4c53673c5228b46dd10df5e53381bedb512085c0877659caa1
-
Filesize
2.1MB
MD596ade9637fbe359c428e49120d7767c5
SHA1fe3151bbd4045dd47b6ec8907067a387ac310307
SHA256693fe441313fbc0277fbaffc578b3d42886caea09aa70b963e0118827e60db31
SHA5126c24368b75a26e65307586baf01141c58a35dc015b4ab7467bafe8fb3346bc27831f62b0ddda2b1a8448e2cdc09e85d7d675e5ca3f9a3fe37228b2188fe79d5f
-
Filesize
1.2MB
MD52cb63644bd82efe53daec0f9bf8fb81e
SHA1a3e3b147235b8047a321be1146c306b7c0f54282
SHA256b1f12381b883004939ac404bbdece768f87cd6523bee889a6f7fbbcae99a8c6c
SHA51206c4d5b4dc57e885eb1ea92ac0ca8774b9e09ca2224ba144658ce3a52a67fc7ba88f05852a0874e63d079f10e2bdb88532e8e0295810560cc34043f49cc27b0f
-
Filesize
1.2MB
MD53d4b242501bde333c406c43afa9bf8e8
SHA16c5f22c835d069986a229d873b5cb995dba38428
SHA25679a9555447272dcfb54c9359ecae9b91d16b02601ec043eae8234ec339a7c274
SHA5120b7d8ac17505fcb8a27d4b75a68d2e18ead3d10148890bfe626bcd4c023ea126fa9e2787dd394e32124ef7cb81de721167e5f4a4a33e7ce20d720b7e753c057a
-
Filesize
1.6MB
MD5219b03dfe4dcbf21a7ebcca4ab0e0ada
SHA1ff4fe19f478af42afebec733484f05bbf7aebbc5
SHA256d6e62fe866cd18c92f8350bd79ba43a6de7e734123e2e34d19b57f2cf657572f
SHA5123f7470465bf53a603ff6a557bfde6c0ff126c037035c5dccd2c94543a77a635cc587b59f3a3113f29ffa3f96153c87af19a68b2baa46f373ac2e4ee387137a01
-
Filesize
2.0MB
MD5a4e765e72ea63345bdc526c68c4b557b
SHA11632f0ecb11af4d1a38556b3c1aecfa4276df0a7
SHA256136b1e89c970836b504ec0dbb10ee62528b9afc800bc9f235a19f856f5d0d742
SHA512fc234d62a347f5cf94c6d3daf9af5cc258f71f50ceeea410dfe6d4474caf3cb23f98a6ef46c4af130bb62502ed867a3fd6bad63c622099f55aace534d433920b
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\135228e87b2c27d26b516ac0fc0ce667\Microsoft.Office.Tools.Word.v9.0.ni.dll
Filesize834KB
MD5c76656b09bb7df6bd2ac1a6177a0027c
SHA10c296994a249e8649b19be84dce27c9ddafef3e0
SHA256a0ae0aec5b203865fac761023741a59d274e2c41889aeb69140eb746d38f6ce0
SHA5128390879b8812fc98c17702a52259d510a7fe8bc3cf4972e89f705e93bc8fa98300c34d49f3aec869da8d9f786d33004742e4538019c0f852c61db89c302d5fdf
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\5766ec3721d18a48bec1ca1f60331e2d\Microsoft.Office.Tools.Common.v9.0.ni.dll
Filesize797KB
MD5aeb0b6e6c5d32d1ada231285ff2ae881
SHA11f04a1c059503896336406aed1dc93340e90b742
SHA2564c53ca542ac5ef9d822ef8cb3b0ecef3fb8b937d94c0a7b735bedb275c74a263
SHA512e55fd4c4d2966b3f0b6e88292fbd6c20ffa34766e076e763442c15212d19b6dea5d9dc9e7c359d999674a5b2c8a3849c2bbaaf83e7aa8c12715028b06b5a48e1
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\60214b09b490be856c4ee2b3398d71bd\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
Filesize163KB
MD5e88828b5a35063aa16c68ffb8322215d
SHA18225660ba3a9f528cf6ac32038ae3e0ec98d2331
SHA25699facae4828c566c310a1ccf4059100067ab8bfb3d6e94e44dd9e189fd491142
SHA512e4d2f5a5aeaa29d4d3392588f15db0d514ca4c86c629f0986ee8dba61e34af5ca9e06b94479efd8dd154026ae0da276888a0214e167129db18316a17d9718a57
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\d7be05162f8d0fba8f4447db13f6695b\Microsoft.Office.Tools.Excel.v9.0.ni.dll
Filesize1.3MB
MD5006498313e139299a5383f0892c954b9
SHA17b3aa10930da9f29272154e2674b86876957ce3a
SHA256489fec79addba2de9141daa61062a05a95e96a196049ce414807bada572cc35c
SHA5126a15a10ae66ce0e5b18e060bb53c3108d09f6b07ee2c4a834856f0a35bec2453b32f891620e787731985719831302160678eb52acada102fdb0b87a14288d925
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\e1f8e4d08d4b7f811b7dbbacd324027b\Microsoft.Office.Tools.v9.0.ni.dll
Filesize148KB
MD5ac901cf97363425059a50d1398e3454b
SHA12f8bd4ac2237a7b7606cb77a3d3c58051793c5c7
SHA256f6c7aecb211d9aac911bf80c91e84a47a72ac52cbb523e34e9da6482c0b24c58
SHA5126a340b6d5fa8e214f2a58d8b691c749336df087fa75bcc8d8c46f708e4b4ff3d68a61a17d13ee62322b75cbc61d39f5a572588772f3c5d6e5ff32036e5bc5a00
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\00cf0faa3d37faa0ea2d240c1ca307ef\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
Filesize143KB
MD575c84340d765d73eac1c743a31b6571a
SHA152aeef700a52b8e687316f42816eb9c0599354df
SHA256b72a1f7da8b3c3dc95c2252319f6f3e71c81ed8bd59a5b31bd2861e14c364459
SHA5129a9cdbc3a103e733150fae265c594dd7378ca402521387e466732f2431472a6a0e6cb4dfe02fe9f5b975a1739c685471ad2a4dddcdf6f12c4b5be469832fd5f1
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\03cad6bd8b37d21b28dcb4f955be2158\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll
Filesize34KB
MD5c26b034a8d6ab845b41ed6e8a8d6001d
SHA13a55774cf22d3244d30f9eb5e26c0a6792a3e493
SHA256620b41f5e02df56c33919218bedc238ca7e76552c43da4f0f39a106835a4edc3
SHA512483424665c3bc79aeb1de6dfdd633c8526331c7b271b1ea6fe93ab298089e2aceefe7f9c7d0c6e33e604ca7b2ed62e7bb586147fecdf9a0eea60e8c03816f537
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0cb958acb9cd4cacb46ebc0396e30aa3\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll
Filesize109KB
MD50fd0f978e977a4122b64ae8f8541de54
SHA1153d3390416fdeba1b150816cbbf968e355dc64f
SHA256211d2b83bb82042385757f811d90c5ae0a281f3abb3bf1c7901e8559db479e60
SHA512ceddfc031bfe4fcf5093d0bbc5697b5fb0cd69b03bc32612325a82ea273dae5daff7e670b0d45816a33307b8b042d27669f5d5391cb2bdcf3e5a0c847c6dcaa8
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\181356b1bbb85fe2401c4dfad1a45133\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.ni.dll
Filesize158KB
MD5a763a9348ab4ee3bd593bb17d854e51b
SHA14d0c97ba6877e2f9ab32fe1316936a4f2e0ff2c9
SHA256b2f9dce9baca3e56fb3587ffe30ca38eb0f89ed30985b328a853778480c0f87b
SHA512e8d3896d4bd788d3ed923e0c9d3ba19fe9fc507060e2e5e8e410964f4c9d7331928324a79336079ccc84c050d8f0acfb03126a2e3622daac3846b0bfd028f602
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\367516b7878af19f5c84c67f2cd277ae\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll
Filesize41KB
MD53c269caf88ccaf71660d8dc6c56f4873
SHA1f9481bf17e10fe1914644e1b590b82a0ecc2c5c4
SHA256de21619e70f9ef8ccbb274bcd0d9d2ace1bae0442dfefab45976671587cf0a48
SHA512bd5be3721bf5bd4001127e0381a0589033cb17aa35852f8f073ba9684af7d8c5a0f3ee29987b345fc15fdf28c5b56686087001ef41221a2cfb16498cf4c016c6
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\43ac81bed18b52d77a8011ada80939b5\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.ni.dll
Filesize296KB
MD57687295a6e19cc656b077e6a61629d4e
SHA1fa1025de5cffb56a3d1f8cae9d09b7171b33326e
SHA256ad8d210d001d3298ad4e1cbf08449b2cbd2b358d28cfad99db78639627a7cb86
SHA51219de95fd90bc6f091e785074ee71dc15d450d65fbdea933e26650fb9c747d81ae2fca7f5f83192f17451a49a314d264cabea2202c805b6ffab729d381675734c
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\48a294a6ff9cea6b26c38fc8b4f5e3e8\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
Filesize356KB
MD587111e9d98dc79165dfc98a1fb93100b
SHA14f5182e5ce810f6ba3bdb3418ad33c916b6013c8
SHA256971188681028501d5ac8143b9127feb95d6982417590af42cf1a43483e38bd42
SHA512abbb246d620e8a2ab1973dde19ff56ea1c02afa39e889925fe2a1ba43af1ad4ff6eb017e68578ae520109b3e290b3d9054d7537eb2df0ede6e0fbca8519cc104
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5c8b40c69a2293c8f499b38b25c41117\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
Filesize157KB
MD57bdf8e0c9aa04b71a52dd964005f4363
SHA1a87e809146d3c70093a189c37f0a96b8bd0ce525
SHA2560406be7235661a62f68bff4c7640b4e241a0c392d548bf242ed08ba0eeaee66b
SHA5124983ebf42241723cf258407c7d2a0773f395c861741f4e98bd7ac86e1ef0a597f89263bb5a986b69ffd43836a5e49d8f03342736b4c3183ea0c58b8099af2051
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5f2320d38621eb541713e6cd421c2b8a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
Filesize648KB
MD57ebbba07bc6d54efd912bcd78b560b7b
SHA1a6aee1a80ddcdf201301ac29293c62d58bcc941d
SHA256637dc357ff9011902186f2fd128ca74ac84fdb6d984f15036803b6a8fe28868a
SHA5122139a0d520ed70b72dc76fdd0555185386c9c22de1e1fb7eaac0607b313500c44f856c76ac6e2cd72148ea0b86b10bdd2b0ab7daacfc945cb66a637b8d99cfe8
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\787526c375f27d452cde50fea4f7986b\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.ni.dll
Filesize1.2MB
MD50637ad2bf6fc5ac1d29e547155bc818c
SHA1a502879466b6dd37eae5881bbb18353f97623852
SHA256868c297cb00b2d298f594ad7e3fd4e38aeaac78042613626d6f919b2bca25c4f
SHA5121d18a16ec3b91c3143c4371de305a7ea464d41661752ece65bf1ce19a8342a265c024a740afa6be8baf4d1edfdac6c6fcdad7395c1294342cd1f4388428e52c1
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8c6bac317f75b51647ea3a8da141b143\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
Filesize210KB
MD54f40997b51420653706cb0958086cd2d
SHA10069b956d17ce7d782a0e054995317f2f621b502
SHA2568cd6a0b061b43e0b660b81859c910290a3672b00d7647ba0e86eda6ddcc8c553
SHA512e18953d7a348859855e5f6e279bc9924fc3707b57a733ce9b8f7d21bd631d419f1ebfb29202608192eb346569ca9a55264f5b4c2aedd474c22060734a68a4ee6
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9248a710d7fe2485a557ce5d3cbcf2df\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
Filesize607KB
MD5e9ca062e4958cc25400c804029a5bf62
SHA11ed4374d0d0f568936fdebe17d9110481d6b3344
SHA256a09436c1df8fcd8ecd1732d6e4e68f32b092e71e0c5d3308b0f3f20abd03d4e0
SHA51243a9ea20d1e636201c0ce7098c198b893465b45f747ed2a002e8dd0bfc7739c28e166d259faf3a0087ae1fe59c74cc8e598f2b283cc7ebc345b6f3b5c388e520
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9306fc630870a75ddd23441ad77bdc57\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
Filesize53KB
MD5e3a7a2b65afd8ab8b154fdc7897595c3
SHA1b21eefd6e23231470b5cf0bd0d7363879a2ed228
SHA256e5faf5e8adf46a8246e6b5038409dadca46985a9951343a1936237d2c8d7a845
SHA5126537c7ed398deb23be1256445297cb7c8d7801bf6e163d918d8e258213708b28f7255ecff9fbd3431d8f5e5a746aa95a29d3a777b28fcd688777aed6d8205a33
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\986a078d722633641da49114e78d104c\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
Filesize180KB
MD5196ed3f520ef04f8aa7f21f909c78d78
SHA10dc950dd707f17d8fe6250f870068607dad6455c
SHA2567d2498c3bb7d7d19ae9117a515fe047c5f288552da8f915f3785a34978946bab
SHA5124561e2e054738b75b7d36c671070e27ac4f34bb84c7f9c358330dc53a9e72e1af74b4f52360bfe245babb8702ca8852a6ea39f02dbb86c23457d5fe5b4f1e67e
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a05ee2388c8a28fb3ac98ec65148e455\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
Filesize65KB
MD5da9f9a01a99bd98104b19a95eeef256c
SHA1272071d5bbc0c234bc2f63dfcd5a90f83079bbab
SHA256b06632dff444204f6e76b16198c31ab706ea52270d5e3ae81626dc1fc1fb1a4d
SHA512dcb3273e33b7df02461e81a4f65ae99c0a9ae98188a612ce6d605a058bd2dcb6ddb5b7c78abe1f0a955b7f0c07c323dbfd77a2b6a629a9c87e4ecc1c57e4d81d
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a0fb6c079c2b3b683fb6dcdfe7d2968a\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
Filesize83KB
MD5d72f1688472860aacaf5209f0b000e91
SHA1b7bc1b73d5a56c4e9cb58e918879bf7f8e40d882
SHA256c11be9fd5356d3dea010cc90622d902e70fd3cdae5978a01c929510907449e36
SHA5125ca027984d87ed2da6055aa384e015c1d64db43a0a3e6e7c1c2a5b30e1b4761e160e2b52be35850952967b2cfa1e5233698721e3a63c07d43d009960b5d655a7
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\afa5bb1a39443d7dc81dfff54073929b\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
Filesize28KB
MD5aefc3f3c8e7499bad4d05284e8abd16c
SHA17ab718bde7fdb2d878d8725dc843cfeba44a71f7
SHA2564436550409cfb3d06b15dd0c3131e87e7002b0749c7c6e9dc3378c99dbec815d
SHA5121d7dbc9764855a9a1f945c1bc8e86406c0625f1381d71b3ea6924322fbe419d1c70c3f3efd57ee2cb2097bb9385e0bf54965ab789328a80eb4946849648fe20b
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b8e029b1434d965380b363483e376df0\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.ni.dll
Filesize329KB
MD5eb09a7062a66a50fe2cb16c4a80561a7
SHA133b4c71ced7644be9802374a4f04c866394daaca
SHA256e94a4ad1ef9de2886a231e857c8691328c2e6e344cc9e82440e5c45b8a788256
SHA512c57a4c626c87032ca422df04ce7c3322662a9b0c6c06a46e93f08ca8f431295c9ae802cd79f53cae5de2b39a30bbeb756c966880e874ed44115cf511cc1ff920
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\bb63c81d306795319eaf7af25f67342a\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
Filesize141KB
MD558cacef7cbc000bb5ddeedc08a598f36
SHA1f8963d4ac1f7b72c2ee4a0a6d45b921f4f88bab7
SHA256124a0869df89ec2c9f0b307dd6b6d17e1e1e7ad638e0b4abf4483c15f842d270
SHA5129cf04e365abcdcfcb9c1f927da83a2dfe0791cccb80cd84ed63b03264d1e253060c455ed8664f35aee0a59e8c172f859ba49c67c9eec811a53e656c076c6bf66
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\bf3e8ba642eaf9a5371982f211550c52\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.ni.dll
Filesize278KB
MD5d74d434aa70ce827715b5e0ac7eda5be
SHA1b53f3374be4c96af51c78fd873de1360f17c200f
SHA25654701cbe719b08b2393b9f4a604c372f9a280b5d3dd520b563d2aea7d69a1496
SHA512631d09a0ff39ece829f5c23278c2c030e5ff758b285128edb7805682de75b5be1aedd914d2325f79ec98d0103660a39ae1f1a5782f5dad038b143f3774c098df
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\de06a98a598aa0ff716a25b24d56ad7f\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
Filesize27KB
MD59c60454398ce4bce7a52cbda4a45d364
SHA1da1e5de264a6f6051b332f8f32fa876d297bf620
SHA256edc90887d38c87282f49adbb12a94040f9ac86058bfae15063aaaff2672b54e1
SHA512533b7e9c55102b248f4a7560955734b4156eb4c02539c6f978aeacecff1ff182ba0f04a07d32ed90707a62d73191b0e2d2649f38ae1c3e7a5a4c0fbea9a94300
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e0220058091b941725ef02be0b84abe7\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
Filesize57KB
MD56eaaa1f987d6e1d81badf8665c55a341
SHA1e52db4ad92903ca03a5a54fdb66e2e6fad59efd5
SHA2564b78ffa5f0b6751aea11917db5961d566e2f59beaa054b41473d331fd392329e
SHA512dbedfa6c569670c22d34d923e22b7dae7332b932b809082dad87a1f0bb125c912db37964b5881667867ccf23dc5e5be596aad85485746f8151ce1c51ffd097b2
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ee73646032cbb022d16771203727e3b2\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll
Filesize130KB
MD52735d2ab103beb0f7c1fbd6971838274
SHA16063646bc072546798bf8bf347425834f2bfad71
SHA256f00156860ec7e88f4ccb459ca29b7e0e5c169cdc8a081cb043603187d25d92b3
SHA512fe2ce60c7f61760a29344e254771d48995e983e158da0725818f37441f9690bda46545bf10c84b163f6afb163ffb504913d6ffddf84f72b062c7f233aed896de
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f1a7ac664667f2d6bcd6c388b230c22b\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll
Filesize59KB
MD58c69bbdfbc8cc3fa3fa5edcd79901e94
SHA1b8028f0f557692221d5c0160ec6ce414b2bdf19b
SHA256a21471690e7c32c80049e17c13624820e77bca6c9c38b83d9ea8a7248086660d
SHA512825f5b87b76303b62fc16a96b108fb1774c2aca52ac5e44cd0ac2fe2ee47d5d67947dfe7498e36bc849773f608ec5824711f8c36e375a378582eefb57c9c2557
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\fc36797f7054935a6033077612905a0f\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll
Filesize42KB
MD571d4273e5b77cf01239a5d4f29e064fc
SHA1e8876dea4e4c4c099e27234742016be3c80d8b62
SHA256f019899f829731f899a99885fd52fde1fe4a4f6fe3ecf7f7a7cfa78517c00575
SHA51241fe67cda988c53bd087df6296d1a242cddac688718ea5a5884a72b43e9638538e64d7a59e045c0b4d490496d884cf0ec694ddf7fcb41ae3b8cbc65b7686b180
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP35A1.tmp\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll
Filesize187KB
MD56c2fd5e444300145415f8c6b063bee52
SHA19e9c586f236a7f2f1dd1cd8caafa2b0c2c371a6e
SHA25680efbf6cfc21a9658747570c8a709af5d910d7b0c3e3327aca0ccc9bdeef4ba4
SHA512166ae0d3a67b70e1c7942d88d446f6e9e11e53984a33558aceb82a00301563d64c8ae5a69878da25721d0f48d711dbd45d4727c517b6fa6b1093a26560c1afee
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\88e20c69254157d91b96eadc9444815d\ehiVidCtl.ni.dll
Filesize855KB
MD57812b0a90d92b4812d4063b89a970c58
SHA13c4a789b8d28a5bfa6a6191624e33b8f40e4c4ea
SHA256897626e6af00e85e627eeaa7f9563b245335242bc6196b36d0072e5b6d45e543
SHA512634a2395bada9227b1957f2b76ed7e19f12bfc4d71a145d182602a1b6e24d83e220ebfabd602b1995c360e1725a38a89ff58417b0295bb0da9ea35c41c21a6ed
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\2c6d60b55bbab22515c512080d4b3bae\stdole.ni.dll
Filesize43KB
MD53e72bdd0663c5b2bcd530f74139c83e3
SHA166069bcac0207512b9e07320f4fa5934650677d2
SHA2566a6ac3094130d1affd34aae5ba2bd8c889e2071eb4217a75d72b5560f884e357
SHA512b0a98db477fccae71b4ebfb8525ed52c10f1e7542f955b307f260e27e0758aa22896683302e34b0237e7e3bba9f5193ddcc7ff255c71fbaa1386988b0ec7d626
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\a46df77acafec60e31859608625e6354\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
Filesize105KB
MD5d9c0055c0c93a681947027f5282d5dcd
SHA19bd104f4d6bd68d09ae2a55b1ffc30673850780f
SHA256dc7eb30a161a2f747238c8621adb963b50227a596d802b5f9110650357f7f7ed
SHA5125404050caa320cdb48a6ccd34282c12788ee8db4e00397dde936cee00e297e9e438dcaa5fcb4e92525f167637b500db074ac91971d4730d222ac4713a3e7b930
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\82425dbc07ec64ab599534080b6fbc08\Microsoft.Office.Tools.v9.0.ni.dll
Filesize248KB
MD54bbf44ea6ee52d7af8e58ea9c0caa120
SHA1f7dcafcf850b4081b61ec7d313d7ec35d6ac66d2
SHA256c89c478c2d7134cd28b3d28d4216ad6aa41de3edd9d87a227ec19cf1cbf3fb08
SHA512c82356750a03bd6f92f03c67acdd5e1085fbd70533a8b314ae54676f37762d9ca5fa91574529b147d3e1c983bf042106b75f41206f5ddc37094a5e1c327c0fd3
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\03ff95a54351d56ec4719907aee35324\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
Filesize305KB
MD5df4fa2e9429ffa50c70961b840099f74
SHA1316c5d10f7450a446f364a5a954d1bafb67cb7a0
SHA256e65faae46e91ede4d5da47b54d5cb2ad1232db749e402ee79b2f7f9c9d3dae93
SHA5126b2c42dbcd04494bbc31e0b39d13a09f760db2986bd37a928b1fdcbd8c96b37d22feda9960efb5ff95869521631c7179d8fbe7a0c802ebf016f696be8e1de33d
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\06216e3a9e4ca262bc1e9a3818ced7fe\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll
Filesize58KB
MD53d6987fc36386537669f2450761cdd9d
SHA17a35de593dce75d1cb6a50c68c96f200a93eb0c9
SHA25634c0302fcf7d2237f914aaa484b24f5a222745f21f5b5806b9c519538665d9cb
SHA5121d74371f0b6c68ead18b083c08b7e44fcaf930a16e0641ad6cd8d8defb4bde838377741e5b827f7f05d4f0ad4550b509ba6dff787f51fc6830d8f2c88dbf0e11
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\077a55be734d6ef6e2de59fa7325dac5\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll
Filesize205KB
MD50a41e63195a60814fe770be368b4992f
SHA1d826fd4e4d1c9256abd6c59ce8adb6074958a3e7
SHA2564a8ccb522a4076bcd5f217437c195b43914ea26da18096695ee689355e2740e1
SHA5121c916165eb5a2e30d4c6a67f2023ab5df4e393e22d9d8123aa5b9b8522fdb5dfe539bcb772a6e55219b23d865ee1438d066e78f0cb138a4a61cc2a1cecf54728
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\2951791a1aa22719b6fdcb816f7e6c04\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
Filesize43KB
MD568c51bcdc03e97a119431061273f045a
SHA16ecba97b7be73bf465adf3aa1d6798fedcc1e435
SHA2564a3aa6bd2a02778759886aaa884d1e8e4a089a1e0578c973fcb4fc885901ebaf
SHA512d71d6275c6f389f6b7becb54cb489da149f614454ae739e95c33a32ed805820bef14c98724882c4ebb51b4705f41b3cdb5a8ed134411011087774cac6e9d23e8
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\369a81b278211f8d96a305e918172713\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll
Filesize198KB
MD59d9305a1998234e5a8f7047e1d8c0efe
SHA1ba7e589d4943cd4fc9f26c55e83c77559e7337a8
SHA256469ff9727392795925c7fe5625afcf508ba07e145c7940e4a12dbd6f14afc268
SHA51258b8cc718ae1a72a9d596f7779aeb0d5492a19e5d668828fd6cff1aa37181cc62878799b4c97beec9c71c67a0c215162ff544b2417f6017cd892a1ce64f7878c
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\6597cf56a8fbf61c97e5d71b7dc41c46\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
Filesize122KB
MD5b07e7529066faa23c73003adeca0d9de
SHA13c128a18d79f2113a15d817e74dc72965d2e48d7
SHA2561e38fc3623c1636f6fc254367208c22727a743dca67f6f61b9833a3a8e317358
SHA512df137a612f41bacbc8fdc14450027d905762f6f4c3776811719f5af5310b896ba9b4d54615159fa5c2dfc62e2fa2f08caf5f14db768c34e264f85632d1345811
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\690c9a978f294e9acf1e52c77d8623c1\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
Filesize271KB
MD5fb6513bd0ceb02258a4c34f5e0042b6f
SHA11ba708bfaa8a30d0df85facc234e4b3db2f9aff9
SHA25687d7a0594fcdc4888a8fda95ba8d070ef3a07b5e2b887b4947b9008bad537440
SHA51217988596dfcb54f20d6ad29baecb73563d096a31bc236d39e3d500edca5141601427f16516e42c34274341342b7d46e04c765d52496dce527b4e89f60c124457
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\6e100177db1ef25970ca4a9eba03c352\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll
Filesize70KB
MD557b601497b76f8cd4f0486d8c8bf918e
SHA1da797c446d4ca5a328f6322219f14efe90a5be54
SHA2561380d349abb6d461254118591637c8198859d8aadfdb098b8d532fdc4d776e2d
SHA5121347793a9dbff305975f4717afa9ee56443bc48586d35a64e8a375535fa9e0f6333e13c2267d5dbb7fe868aa863b23034a2e655dcd68b59dca75f17a4cbc1850
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\77f00d3b4d847c1dd38a1c69e4ef5cb1\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
Filesize87KB
MD5ed5c3f3402e320a8b4c6a33245a687d1
SHA14da11c966616583a817e98f7ee6fce6cde381dae
SHA256b58d8890d884e60af0124555472e23dee55905e678ec9506a3fbe00fffab0a88
SHA512d664b1f9f37c50d0e730a25ff7b79618f1ca99a0f1df0b32a4c82c95b2d15b6ef04ce5560db7407c6c3d2dff70514dac77cb0598f6d32b25362ae83fedb2bc2a
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\9e076728e51ab285a8bc0f0b0a226e2c\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
Filesize82KB
MD52eeeff61d87428ae7a2e651822adfdc4
SHA166f3811045a785626e6e1ea7bab7e42262f4c4c1
SHA25637f2ee9f8794df6d51a678c62b4838463a724fdf1bd65277cd41feaf2e6c9047
SHA512cadf3a04aa6dc2b6b781c292d73e195be5032b755616f4b49c6bdde8b3ae297519fc255b0a46280b60aaf45d4dedb9b828d33f1400792b87074f01bbab19e41a
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\a58534126a42a5dbdef4573bac06c734\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll
Filesize58KB
MD5a8b651d9ae89d5e790ab8357edebbffe
SHA1500cff2ba14e4c86c25c045a51aec8aa6e62d796
SHA2561c8239c49fb10c715b52e60afd0e6668592806ef447ad0c52599231f995a95d7
SHA512b4d87ee520353113bb5cf242a855057627fde9f79b74031ba11d5feee1a371612154940037954cd1e411da0c102f616be72617a583512420fd1fc743541a10ce
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\b0602aa5a28849b45565b396d51d14e9\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
Filesize221KB
MD56f0edbc04f4d21c6065aebc11cba16cd
SHA136a5e6b6bf551a32f2ffc0beae2d3add2232ece0
SHA25676bb4ef693a76dc59660a7357526047bab2dc4d20c7d12042159b6c20bf5e9b4
SHA512cdbfb221965c52f0dd48e8a4181cba7dc8eb6a40301fc715f72e3cf94539e6468fa82a8aa85a978167b8c8c5a5249375b048f536ec20f0d563102c9462fef269
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\bd1950e68286b869edc77261e0821c93\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll
Filesize85KB
MD55180107f98e16bdca63e67e7e3169d22
SHA1dd2e82756dcda2f5a82125c4d743b4349955068d
SHA256d0658cbf473ef3666c758d28a1c4bcdcb25b2e515ad5251127d0906e65938f01
SHA51227d785971c28181cf9115ab14de066931c4d81f8d357ea8b9eabfe0f70bd5848023b69948ac6a586989e892bcde40999f8895a0bd2e7a28bac7f2fa64bb22363
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\dbe51d156773fefd09c7a52feeb8ff79\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
Filesize298KB
MD55fd34a21f44ccbeda1bf502aa162a96a
SHA11f3b1286c01dea47be5e65cb72956a2355e1ae5e
SHA2565d88539a1b7be77e11fe33572606c1093c54a80eea8bd3662f2ef5078a35ce01
SHA51258c3904cd1a06fbd3a432b3b927e189a744282cc105eda6f0d7f406971ccbc942c7403c2dcbb2d042981cf53419ca5e2cf4d9f57175e45cc5c484b0c121bb125
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\fe8d06712eb58d0150803744020b072a\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
Filesize43KB
MD5dd1dfa421035fdfb6fd96d301a8c3d96
SHA1d535030ad8d53d57f45bc14c7c7b69efd929efb3
SHA256f71293fe6cf29af54d61bd2070df0a5ff17a661baf1b0b6c1d3393fd23ccd30c
SHA5128e0f2bee9801a4eba974132811d7274e52e6e17ccd60e8b3f74959994f007bdb0c60eb9facb6321c0fdfbcc44e9a77d8c5c776d998ccce256fa864338a6f63b1
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\ee22f412f6314443add3ca412afd6569\ehiActivScp.ni.dll
Filesize124KB
MD5929653b5b019b4555b25d55e6bf9987b
SHA1993844805819ee445ff8136ee38c1aee70de3180
SHA2562766353ca5c6a87169474692562282005905f1ca82eaa08e08223fc084dbb9a2
SHA512effc809cca6170575efa7b4b23af9c49712ee9a7aaffd8f3a954c2d293be5be2cf3c388df4af2043f82b9b2ea041acdbb9d7ddd99a2fc744cce95cf4d820d013
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\11d57f5c033326954c0bc4f0b2680812\ehiVidCtl.ni.dll
Filesize2.1MB
MD510b5a285eafccdd35390bb49861657e7
SHA162c05a4380e68418463529298058f3d2de19660d
SHA2565f3bb3296ab50050e6b4ea7e95caa937720689db735c70309e5603a778be3a9a
SHA51219ff9ac75f80814ed5124adc25fc2a6d1d7b825c770e1edb8f5b6990e44f9d2d0c1c0ed75b984e729709d603350055e5a543993a80033367810c417864df1452
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\stdole\70f1aed4a280583cbd09e0f5d9bbc1f5\stdole.ni.dll
Filesize88KB
MD51f394b5ca6924de6d9dbfb0e90ea50ef
SHA14e2caa5e98531c6fbf5728f4ae4d90a1ad150920
SHA2569db0e4933b95ad289129c91cd9e14a0c530f42b55e8c92dc8c881bc3dd40b998
SHA512e27ea0f7b59d41a85547d607ae3c05f32ce19fa5d008c8eaf11d0c253a73af3cfa6df25e3ee7f3920cd775e1a3a2db934e5891b4aafd4270d65a727b439f7476
-
Filesize
1.2MB
MD575102443b879539dd8ee773a8f6ad3b9
SHA1af957d0d7d44475c959977ff3e1e2839e1941d0e
SHA25695eb0cd239a6f31f5f3efa9278b10d898df2892b8468ee01230e1e92ee2759f1
SHA512ae7955bfd7139c02d81af8b7eae7cba8f6d969810762ab7202db08443bf9722717d9e408f9076fe742b8d1900e53dd8a5b6489a87f6b37449cfd9149db32a20b
-
Filesize
1.2MB
MD59ef0246f121f05f65213ea5f46176188
SHA1ed2e9b657fd741316b33425c23c6b1644dec664c
SHA2568ca3c3a71a5410ff5b1b2cfc6257385299a3cd2aa6abdb34fb42866a45fe1c6a
SHA512d8d6459e6bcae6b5e28bf8b6ddea9983b8165c33247ecf6ae2335f6f73d739b7de1b226b20319804eee35951cb37f6a04dbc5f478f733a946d633818baee0245
-
Filesize
1.2MB
MD50ca32571724cf8f25532b949b47da209
SHA19b08541be13b54a4a9c31eed612a5067c4b08f53
SHA25665633fa37942d206e54036c82ddb5551d57e03ed7ecd87e7ac87e580a90ee95f
SHA5126ae14cce7c22f39dabf225927756fd3d798d53a2a00b171e015668eb68df6d009c0ae6d210c39bfa0784d7e0e5ba3813f53a7f60da979aa632933e8684657bfb
-
Filesize
2.0MB
MD5542e0f4ef3cba1edfba3446a0094a447
SHA11306847db82fee6a6bd031e441b2ba085319b501
SHA2568008e245d43fc6e465b16073a1a786ce8c1504f4af737de2ca15f8ef96dc6d56
SHA512ceb831d9465fc3f71669d8e5615a200c495636e47413d83d28d38a4f1c93d45c5401bab9060cff7807b98dcfa6c265ad04c96173b59326c67db3646b50a46423
-
Filesize
1.2MB
MD50c745d1529db5b2d3167a4cd8b6f7031
SHA1aa46de2c254ebe20fb5cae3f5fbb41f0a0e8cd38
SHA25636ef4f0d28bda9ecd79ae46ca38a1ed72236552fca10e2b7c4526e3ab910e185
SHA51230cc24ac9040700de177b15bb052caad49d20844777c8d670a959255aef6de2c763b64825362fb2cec7de768b31547755aa43dbcedb1424c3a8e62228a04ecbf
-
Filesize
1.1MB
MD5b987466f17804f73e22142ef692d3a90
SHA12eac5d1cd541372fb3b507c340fbb9d64c6b2567
SHA256a019ce4df3a95808cce8a76a51460d4b19a1bb3b41082d741e35fc993428a635
SHA51281dde65106af22364c80236f941ac735cadf63dcda3a20e1cf61f65d7d6eb2c67a4320d543f72ba78b8cef7f98f53a1adca5d54c8781f024703c2e55fd4a4139
-
Filesize
1.1MB
MD5a55d249088550c858538689c1edaba89
SHA13646fe0ba0038875c9b0ec4d7cf715455a2c8930
SHA256a47bc99d7ac31b4ed52414ff18a77c86cef3e2f119ae960f9c8a0d7490613f75
SHA5123bede16c148674722cf8bd11db68faafdf57953f4fda1a9df18df2eaee432f05a5e9265925e500188f32ed7a3666bdd69b599d0ca81158f5df4f2a29fc5d91c0
-
Filesize
1.2MB
MD5deb1f2809cec6bcaa813588c29e18e9b
SHA188b818b2fc85ecad9601809561fa21240d001b45
SHA256e7fa486e6e19af186681b0e0a73850cecb2659c38e8d30118ea4d739daf97ddd
SHA512951fb662a7b2d60ea378fe3d546e5c41c252e30cf40907e8c319083428ec0f9d90b1d8115305b0a7441cc47128f86c9ee7a45c6e968778396b42e585185447e2
-
Filesize
1.2MB
MD58c886c2b95e1359beb06d42ec715ee8b
SHA139c121a9ee8d31dc8815abc1a659f1b3a9dc7be3
SHA256445f034fda1cee02b8630b63de27afa0aa8c38c93a8de70eececcad653761597
SHA512e313367c626ee16ca784103d265d33c3f2faab09895461fc13047a4d75d9d7db8587a7df379593ff503b7126513a210b3463688489241dc74f036412c7aebc23
-
Filesize
1.1MB
MD5c29de763d91b2f6050a930ccf367a939
SHA12bcdb3db2f035e1d94f831c6d1864a695f1db38f
SHA2568a54b9de8626fa61cd5c7d8a6c8a6dc46e74232751438d672afb53715b8d35dc
SHA5125461e171725dd53490fe4e7b48b20f3b2990bea280809bb0e5ac3d4b29d299bad9ba5883cef1f3d4f1c7d9415916af19d351684404ccebc5b110dc0d5576e710
-
Filesize
1.3MB
MD521715a5a8be8f58fdfbb4f210b83e450
SHA17ddd6dae9f0e20b575bc1b1767352de38d84eac5
SHA25672f8c8898dd9b9562c3c8c981bf287418a652d51f0139b523b7edadedb703e1c
SHA51290814ac08f0713791ec392a2d045b34fb5e220b9e9b044e5a3c1fd4206c4cf7cc328a289c9fcc70a6e1c7d59e3bcfdf8ba0222de458124a98cef47fd1234b1be