simda | d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
01/01/2025, 03:29 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112.exe
Size

211KB
MD5

09a8232b4699b81ec88ba00cb0c6aac7
SHA1

d713d20abc8d0ed8894b45215732327f499f0c8c
SHA256

d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112
SHA512

c1e0d17ba0738a53f8b162ec5071ea745ea7a8bba170dc5dc3d9684659b518f36c2a395a41da0299711572dfbb5f04019f5f16b3323d98fa3dc5821d9366adeb
SSDEEP

3072:lg/T01/NkSp48GzFoMVZrjB2+4M9eOpssvSX4FzU5chdhGulEV5SCmGFkInV/0at:WErGjVqiFPGYrGZMCrCIn6aQdM

Score

10^/10

simda discovery persistence stealer trojan

Malware Config

Extracted

Family

simda

Attributes

dga
gatyfus.com

lyvyxor.com

vojyqem.com

qetyfuv.com

puvyxil.com

gahyqah.com

lyryfyd.com

vocyzit.com

qegyqaq.com

purydyv.com

gacyzuz.com

lygymoj.com

vowydef.com

qexylup.com

pufymoq.com

gaqydeb.com

lyxylux.com

vofymik.com

qeqysag.com

puzylyp.com

gadyniw.com

lymysan.com

volykyc.com

qedynul.com

pumypog.com

galykes.com

lysynur.com

vonypom.com

qekykev.com

pupybul.com

ganypih.com

lykyjad.com

vopybyt.com

qebytiq.com

pujyjav.com

gatyvyz.com

lyvytuj.com

vojyjof.com

qetyvep.com

puvytuq.com

gahyhob.com

lyryvex.com

vocyruk.com

qegyhig.com

purycap.com

gacyryw.com

lygygin.com

vowycac.com

qexyryl.com

pufygug.com

gaqycos.com

lyxywer.com

vofygum.com

qeqyxov.com

puzywel.com

gadyfuh.com

lymyxid.com

volyqat.com

qedyfyq.com

pumyxiv.com

galyqaz.com

lysyfyj.com

vonyzuf.com

qekyqop.com

pupydeq.com

ganyzub.com

lykymox.com

vopydek.com

qebylug.com

pujymip.com

gatydaw.com

lyvylyn.com

vojymic.com

qetysal.com

puvylyg.com

gahynus.com

lyrysor.com

vocykem.com

qegynuv.com

purypol.com

gacykeh.com

lygynud.com

vowypit.com

qexykaq.com

pufybyv.com

gaqypiz.com

lyxyjaj.com

vofybyf.com

qeqytup.com

puzyjoq.com

gadyveb.com

lymytux.com

volyjok.com

qedyveg.com

pumytup.com

galyhiw.com

lysyvan.com

vonyryc.com

qekyhil.com

pupycag.com

ganyrys.com

lykygur.com

vopycom.com

qebyrev.com

pujygul.com

gatycoh.com

lyvywed.com

vojygut.com

qetyxiq.com

puvywav.com

gahyfyz.com

lyryxij.com

vocyqaf.com

qegyfyp.com

puryxuq.com

gacyqob.com

lygyfex.com

vowyzuk.com

qexyqog.com

pufydep.com

gaqyzuw.com

lyxymin.com

vofydac.com

qeqylyl.com

puzymig.com

gadydas.com

lymylyr.com

volymum.com

qedysov.com

pumylel.com

galynuh.com

lysysod.com

vonyket.com

qekynuq.com

pupypiv.com

ganykaz.com

lykynyj.com

vopypif.com

qebykap.com

pujybyq.com

gatypub.com

lyvyjox.com

vojybek.com

qetytug.com

puvyjop.com

gahyvew.com

lyrytun.com

vocyjic.com

qegyval.com

purytyg.com

gacyhis.com

lygyvar.com

vowyrym.com

qexyhuv.com

pufycol.com

gaqyreh.com

lyxygud.com

vofycot.com

qeqyreq.com

puzyguv.com

gadyciz.com

lymywaj.com

volygyf.com

qedyxip.com

pumywaq.com

galyfyb.com

lysyxux.com

vonyqok.com

qekyfeg.com

pupyxup.com

ganyqow.com

lykyfen.com

vopyzuc.com

qebyqil.com

pujydag.com

gatyzys.com

lyvymir.com

vojydam.com

qetylyv.com

puvymul.com

gahydoh.com

lyryled.com

vocymut.com

qegysoq.com

purylev.com

gacynuz.com

lygysij.com

vowykaf.com

qexynyp.com

pufypiq.com

gaqykab.com

lyxynyx.com

vofypuk.com

qeqykog.com

puzybep.com

gadypuw.com

lymyjon.com

volybec.com

qedytul.com

pumyjig.com

galyvas.com

lysytyr.com

vonyjim.com

qekyvav.com

pupytyl.com

ganyhuh.com

lykyvod.com

vopyret.com

qebyhuq.com

pujycov.com

gatyrez.com

lyvyguj.com

vojycif.com

qetyrap.com

puvygyq.com

gahycib.com

lyrywax.com

vocygyk.com

qegyxug.com

purywop.com

gacyfew.com

lygyxun.com

vowyqoc.com

qexyfel.com

pufyxug.com

gaqyqis.com

lyxyfar.com

vofyzym.com

qeqyqiv.com

puzydal.com

gadyzyh.com

lymymud.com

volydot.com

qedyleq.com

pumymuv.com

galydoz.com

lysylej.com

vonymuf.com

qekysip.com

pupylaq.com

ganynyb.com

lykysix.com

vopykak.com

qebynyg.com

pujypup.com

gatykow.com

lyvynen.com

vojypuc.com

qetykol.com

puvybeg.com

gahypus.com

lyryjir.com

vocybam.com

qegytyv.com

puryjil.com

gacyvah.com

lygytyd.com

vowyjut.com

qexyvoq.com

pufytev.com

gaqyhuz.com

lyxyvoj.com

vofyref.com

qeqyhup.com

puzyciq.com

gadyrab.com

lymygyx.com

volycik.com

qedyrag.com

pumygyp.com

galycuw.com

lysywon.com

vonygec.com

qekyxul.com

pupywog.com

ganyfes.com

lykyxur.com

vopyqim.com

qebyfav.com

pujyxyl.com

gatyqih.com

lyvyfad.com

vojyzyt.com

qetyquq.com

puvydov.com

gahyzez.com

lyrymuj.com

vocydof.com

qegylep.com

purymuq.com

gacydib.com

lygylax.com

vowymyk.com

qexysig.com

pufylap.com

gaqynyw.com

lyxysun.com

vofykoc.com

qeqynel.com

puzypug.com

gadykos.com

lymyner.com

volypum.com

qedykiv.com

pumybal.com

galypyh.com

lysyjid.com

vonybat.com

qekytyq.com

pupyjuv.com

ganyvoz.com

lykytej.com

vopyjuf.com

qebyvop.com

pujyteq.com

gatyhub.com

lyvyvix.com

vojyrak.com

qetyhyg.com

puvycip.com

gahyraw.com

lyrygyn.com

vocycuc.com

qegyrol.com

purygeg.com

gacycus.com

lygywor.com

vowygem.com

qexyxuv.com

pufywil.com

gaqyfah.com

lyxyxyd.com

vofyqit.com

qeqyfaq.com

puzyxyv.com

gadyquz.com

lymyfoj.com

volyzef.com

qedyqup.com

pumydoq.com

galyzeb.com

lysymux.com

vonydik.com

qekylag.com

pupymyp.com

ganydiw.com

lykylan.com

vopymyc.com

qebysul.com

pujylog.com

gatynes.com

lyvysur.com

vojykom.com

qetynev.com

puvypul.com

gahykih.com

lyrynad.com

vocypyt.com

qegykiq.com

purybav.com

gacypyz.com

lygyjuj.com

vowybof.com

qexytep.com

pufyjuq.com

gaqyvob.com

lyxytex.com

vofyjuk.com

qeqyvig.com

puzytap.com

gadyhyw.com

lymyvin.com

volyrac.com

qedyhyl.com

pumycug.com

galyros.com

lysyger.com

vonycum.com

qekyrov.com

pupygel.com

ganycuh.com

lykywid.com

vopygat.com

qebyxyq.com

pujywiv.com

gatyfaz.com

lyvyxyj.com

vojyquf.com

qetyfop.com

puvyxeq.com

gahyqub.com

lyryfox.com

vocyzek.com

qegyqug.com

purydip.com

gacyzaw.com

lygymyn.com

vowydic.com

qexylal.com

pufymyg.com

gaqydus.com

lyxylor.com

vofymem.com

qeqysuv.com

puzylol.com

gadyneh.com

lymysud.com

volykit.com

qedynaq.com

pumypyv.com

galykiz.com

lysynaj.com

vonypyf.com

qekykup.com

pupyboq.com

ganypeb.com

lykyjux.com

vopybok.com

qebyteg.com

pujyjup.com

gatyviw.com

lyvytan.com

vojyjyc.com

qetyvil.com

puvytag.com

gahyhys.com

lyryvur.com

vocyrom.com

qegyhev.com

purycul.com

gacyroh.com

lygyged.com

vowycut.com

qexyriq.com

pufygav.com

gaqycyz.com

lyxywij.com

vofygaf.com

qeqyxyp.com

puzywuq.com

gadyfob.com

lymyxex.com

volyquk.com

qedyfog.com

pumyxep.com

galyquw.com

lysyfin.com

vonyzac.com

qekyqyl.com

pupydig.com

ganyzas.com

lykymyr.com

vopydum.com

qebylov.com

pujymel.com

gatyduh.com

lyvylod.com

vojymet.com

qetysuq.com

puvyliv.com

gahynaz.com

lyrysyj.com

vocykif.com

qegynap.com

purypyq.com

gacykub.com

lygynox.com

vowypek.com

qexykug.com

pufybop.com

gaqypew.com

lyxyjun.com

vofybic.com

qeqytal.com

puzyjyg.com

gadyvis.com

lymytar.com

volyjym.com

qedyvuv.com

pumytol.com

galyheh.com

lysyvud.com

vonyrot.com

qekyheq.com

pupycuv.com

ganyriz.com

lykygaj.com

vopycyf.com

qebyrip.com

pujygaq.com

gatycyb.com

lyvywux.com

vojygok.com

qetyxeg.com

puvywup.com

gahyfow.com

lyryxen.com

vocyquc.com

qegyfil.com

puryxag.com

gacyqys.com

lygyfir.com

vowyzam.com

qexyqyv.com

pufydul.com

gaqyzoh.com

lyxymed.com

vofydut.com

qeqyloq.com

puzymev.com

gadyduz.com

lymylij.com

volymaf.com

qedysyp.com

pumyliq.com

galynab.com

lysysyx.com

vonykuk.com

qekynog.com

pupypep.com

ganykuw.com

lykynon.com

vopypec.com

qebykul.com

pujybig.com

gatypas.com

lyvyjyr.com

vojybim.com

qetytav.com

puvyjyl.com

gahyvuh.com

lyrytod.com

vocyjet.com

qegyvuq.com

purytov.com

gacyhez.com

lygyvuj.com

vowyrif.com

qexyhap.com

pufycyq.com

gaqyrib.com

lyxygax.com

vofycyk.com

qeqyrug.com

puzygop.com

gadycew.com

lymywun.com

volygoc.com

qedyxel.com

pumywug.com

galyfis.com

lysyxar.com

vonyqym.com

qekyfiv.com

pupyxal.com

ganyqyh.com

lykyfud.com

vopyzot.com

qebyqeq.com

pujyduv.com

gatyzoz.com

lyvymej.com

vojyduf.com

qetylip.com

puvymaq.com

gahydyb.com

lyrylix.com

vocymak.com

qegysyg.com

purylup.com

gacynow.com

lygysen.com

vowykuc.com

qexynol.com

pufypeg.com

gaqykus.com

lyxynir.com

vofypam.com

qeqykyv.com

puzybil.com

gadypah.com

lymyjyd.com

volybut.com

qedytoq.com

pumyjev.com

galyvuz.com

lysytoj.com

vonyjef.com

qekyvup.com

pupytiq.com

ganyhab.com

lykyvyx.com

vopyrik.com

qebyhag.com

pujycyp.com

gatyruw.com

lyvygon.com

vojycec.com

qetyrul.com

puvygog.com

gahyces.com

lyrywur.com

vocygim.com

qegyxav.com

purywyl.com

gacyfih.com

lygyxad.com

vowyqyt.com

qexyfuq.com

pufyxov.com

gaqyqez.com

lyxyfuj.com

vofyzof.com

qeqyqep.com

puzyduq.com

gadyzib.com

lymymax.com

volydyk.com

qedylig.com

pumymap.com

galydyw.com

lysylun.com

vonymoc.com

qekysel.com

pupylug.com

ganynos.com

lykyser.com

vopykum.com

qebyniv.com

pujypal.com

gatykyh.com

lyvynid.com

vojypat.com

qetykyq.com

puvybuv.com

gahypoz.com

lyryjej.com

vocybuf.com

qegytop.com

puryjeq.com

gacyvub.com

lygytix.com

vowyjak.com

qexyvyg.com

pufytip.com

gaqyhaw.com

lyxyvyn.com

vofyruc.com

qeqyhol.com

puzyceg.com

gadyrus.com

lymygor.com

volycem.com

qedyruv.com

pumygil.com

galycah.com

lysywyd.com

vonygit.com

qekyxaq.com

pupywyv.com

ganyfuz.com

lykyxoj.com

vopyqef.com

qebyfup.com

pujyxoq.com

gatyqeb.com

lyvyfux.com

vojyzik.com

qetyqag.com

puvydyp.com

gahyziw.com

lyryman.com

vocydyc.com

qegylul.com

purymog.com

gacydes.com

lygylur.com

vowymom.com

qexysev.com

pufylul.com

gaqynih.com

lyxysad.com

vofykyt.com

qeqyniq.com

puzypav.com

gadykyz.com

lymynuj.com

volypof.com

qedykep.com

pumybuq.com

galypob.com

lysyjex.com

vonybuk.com

qekytig.com

pupyjap.com

ganyvyw.com

lykytin.com

vopyjac.com

qebyvyl.com

pujytug.com

gatyhos.com

lyvyver.com

vojyrum.com

qetyhov.com

puvycel.com

gahyruh.com

lyrygid.com

vocycat.com

qegyryq.com

purygiv.com

gacycaz.com

lygywyj.com

vowyguf.com

qexyxop.com

pufyweq.com

gaqyfub.com

lyxyxox.com

vofyqek.com

qeqyfug.com

puzyxip.com

gadyqaw.com

lymyfyn.com

volyzic.com

qedyqal.com

pumydyg.com

galyzus.com

lysymor.com

vonydem.com

qekyluv.com

pupymol.com

ganydeh.com

lykylud.com

vopymit.com

qebysaq.com

pujylyv.com

gatyniz.com

lyvysaj.com

vojykyf.com

qetynup.com

puvypoq.com

gahykeb.com

lyrynux.com

vocypok.com

qegykeg.com

purybup.com

gacypiw.com

lygyjan.com

vowybyc.com

qexytil.com

pufyjag.com

gaqyvys.com

lyxytur.com

vofyjom.com

qeqyvev.com

puzytul.com

gadyhoh.com

lymyved.com

volyrut.com

qedyhiq.com

pumycav.com

galyryz.com

lysygij.com

vonycaf.com

qekyryp.com

pupyguq.com

ganycob.com

lykywex.com

vopyguk.com

qebyxog.com

pujywep.com

gatyfuw.com

lyvyxin.com

vojyqac.com

qetyfyl.com

puvyxig.com

gahyqas.com

lyryfyr.com

vocyzum.com

qegyqov.com

purydel.com

gacyzuh.com

lygymod.com

vowydet.com

qexyluq.com

pufymiv.com

gaqydaz.com

lyxylyj.com

vofymif.com

qeqysap.com

puzylyq.com

gadynub.com

lymysox.com

volykek.com

qedynug.com

pumypop.com

galykew.com

lysynun.com

vonypic.com

qekykal.com

pupybyg.com

ganypis.com

lykyjar.com

vopybym.com

qebytuv.com

pujyjol.com

gatyveh.com

lyvytud.com

vojyjot.com

qetyveq.com

puvytuv.com

gahyhiz.com

lyryvaj.com

vocyryf.com

qegyhip.com

purycaq.com

gacyryb.com

lygygux.com

vowycok.com

qexyreg.com

pufygup.com

gaqycow.com

lyxywen.com

vofyguc.com

qeqyxil.com

puzywag.com

gadyfys.com

lymyxir.com

volyqam.com

qedyfyv.com

pumyxul.com

galyqoh.com

lysyfed.com

vonyzut.com

qekyqoq.com

pupydev.com

ganyzuz.com

lykymij.com

vopydaf.com

qebylyp.com

pujymiq.com

gatydab.com

lyvylyx.com

vojymuk.com

qetysog.com

puvylep.com

gahynuw.com

lyryson.com

vocykec.com

qegynul.com

purypig.com

gacykas.com

lygynyr.com

vowypim.com

qexykav.com

pufybyl.com

gaqypuh.com

lyxyjod.com

vofybet.com

qeqytuq.com

puzyjov.com

gadyvez.com

lymytuj.com

volyjif.com

qedyvap.com

pumytyq.com

galyhib.com

lysyvax.com

vonyryk.com

qekyhug.com

pupycop.com

ganyrew.com

lykygun.com

vopycoc.com

qebyrel.com

pujygug.com

gatycis.com

lyvywar.com

vojygym.com

qetyxiv.com

puvywal.com

gahyfyh.com

lyryxud.com

vocyqot.com

qegyfeq.com

puryxuv.com

gacyqoz.com

lygyfej.com

vowyzuf.com

qexyqip.com

pufydaq.com

gaqyzyb.com

lyxymix.com

vofydak.com

qeqylyg.com

puzymup.com

gadydow.com

lymylen.com

volymuc.com

qedysol.com

pumyleg.com

galynus.com

lysysir.com

vonykam.com

qekynyv.com

pupypil.com

ganykah.com

lykynyd.com

vopyput.com

qebykoq.com

pujybev.com

gatypuz.com

lyvyjoj.com

vojybef.com

qetytup.com

puvyjiq.com

gahyvab.com

lyrytyx.com

vocyjik.com

qegyvag.com

purytyp.com

gacyhuw.com

lygyvon.com

vowyrec.com

qexyhul.com

pufycog.com

gaqyres.com

lyxygur.com

vofycim.com

qeqyrav.com

puzygyl.com

gadycih.com

lymywad.com

volygyt.com

qedyxuq.com

pumywov.com

galyfez.com

lysyxuj.com

vonyqof.com

qekyfep.com

pupyxuq.com

ganyqib.com

lykyfax.com

vopyzyk.com

qebyqig.com

pujydap.com

gatyzyw.com

lyvymun.com

vojydoc.com

qetylel.com

puvymug.com

gahydos.com

lyryler.com

vocymum.com

qegysiv.com

purylal.com

gacynyh.com

lygysid.com

vowykat.com

qexynyq.com

pufypuv.com

gaqykoz.com

lyxynej.com

vofypuf.com

qeqykop.com

puzybeq.com

gadypub.com

lymyjix.com

volybak.com

qedytyg.com

pumyjip.com

galyvaw.com

lysytyn.com

vonyjuc.com

qekyvol.com

pupyteg.com

ganyhus.com

lykyvor.com

vopyrem.com

qebyhuv.com

pujycil.com

gatyrah.com

lyvygyd.com

vojycit.com

qetyraq.com

puvygyv.com

gahycuz.com

lyrywoj.com

vocygef.com

qegyxup.com

purywoq.com

gacyfeb.com

lygyxux.com

vowyqik.com

qexyfag.com

pufyxyp.com

gaqyqiw.com

lyxyfan.com

vofyzyc.com

qeqyqul.com

puzydog.com

Signatures

Simda family
simda
simda
Simda is an infostealer written in C++.
stealer trojan simda

Executes dropped EXE 1 IoCs

pid	Process
2740	svchost.exe

Loads dropped DLL 2 IoCs

pid	Process
308	d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112.exe
308	d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112.exe

Modifies WinLogon 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\add81c4c = "C:\\Windows\\apppatch\\svchost.exe"	d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112.exe

Drops file in Program Files directory 13 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Defender\lygynud.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\lyxynyx.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\vofycot.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\qetyfuv.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\vocyzit.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\lymyxid.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\galyqaz.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\gahyqah.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\vonypom.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\pupycag.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\gadyciz.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\galynuh.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\qetyhyg.com	svchost.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\apppatch\svchost.exe	d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112.exe
File opened for modification	C:\Windows\apppatch\svchost.exe	d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\MuiCache	svchost.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2740	svchost.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
308	d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeSecurityPrivilege	308	d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112.exe
Token: SeSecurityPrivilege	308	d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112.exe
Token: SeSecurityPrivilege	2740	svchost.exe
Token: SeSecurityPrivilege	2740	svchost.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 308 wrote to memory of 2740	308	d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112.exe	30
PID 308 wrote to memory of 2740	308	d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112.exe	30
PID 308 wrote to memory of 2740	308	d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112.exe	30
PID 308 wrote to memory of 2740	308	d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112.exe	30

C:\Users\Admin\AppData\Local\Temp\d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112.exe
"C:\Users\Admin\AppData\Local\Temp\d2bda65af2757a6ee977131296e1458d6242197dae75354de29fceff810c3112.exe"
1⤵
- Loads dropped DLL
- Modifies WinLogon
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:308
- C:\Windows\apppatch\svchost.exe
  "C:\Windows\apppatch\svchost.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2740

Network

DNS

gatyfus.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gatyfus.com

IN A

Response

gatyfus.com

IN A

5.79.71.225

gatyfus.com

IN A

5.79.71.205

gatyfus.com

IN A

85.17.31.82

gatyfus.com

IN A

178.162.203.211

gatyfus.com

IN A

178.162.203.226

gatyfus.com

IN A

178.162.217.107

gatyfus.com

IN A

85.17.31.122

gatyfus.com

IN A

178.162.203.202
DNS

gatyfus.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gatyfus.com

IN A
DNS

gatyfus.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gatyfus.com

IN A
DNS

gatyfus.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gatyfus.com

IN A
DNS

qegyqaq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qegyqaq.com

IN A

Response
DNS

puvyxil.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puvyxil.com

IN A

Response
DNS

vojyqem.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vojyqem.com

IN A

Response
DNS

lyryfyd.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyryfyd.com

IN A

Response
DNS

gacyzuz.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gacyzuz.com

IN A

Response
DNS

gacyzuz.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gacyzuz.com

IN A
DNS

vowydef.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vowydef.com

IN A

Response
DNS

pufymoq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pufymoq.com

IN A

Response
DNS

pufymoq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pufymoq.com

IN A
DNS

lyxylux.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyxylux.com

IN A

Response
DNS

lyxylux.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyxylux.com

IN A
DNS

qeqysag.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qeqysag.com

IN A

Response
DNS

gadyniw.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gadyniw.com

IN A

Response

gadyniw.com

IN A

154.212.231.82
DNS

volykyc.com

svchost.exe

Remote address:

8.8.8.8:53

Request

volykyc.com

IN A

Response
DNS

pumypog.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pumypog.com

IN A

Response
DNS

pumypog.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pumypog.com

IN A
DNS

lysynur.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lysynur.com

IN A

Response
DNS

lysynur.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lysynur.com

IN A
DNS

qekykev.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qekykev.com

IN A

Response
DNS

qekykev.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qekykev.com

IN A
DNS

ganypih.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ganypih.com

IN A

Response
DNS

vopybyt.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vopybyt.com

IN A

Response
DNS

pujyjav.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pujyjav.com

IN A

Response
DNS

lyvytuj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyvytuj.com

IN A

Response
DNS

lyvytuj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyvytuj.com

IN A
DNS

qetyvep.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qetyvep.com

IN A

Response
DNS

qetyvep.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qetyvep.com

IN A

Response
DNS

qeqytup.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qeqytup.com

IN A
DNS

gahyhob.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gahyhob.com

IN A

Response
DNS

vocyruk.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vocyruk.com

IN A

Response
DNS

purycap.com

svchost.exe

Remote address:

8.8.8.8:53

Request

purycap.com

IN A

Response
DNS

purycap.com

svchost.exe

Remote address:

8.8.8.8:53

Request

purycap.com

IN A
DNS

lygygin.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lygygin.com

IN A

Response
DNS

lygygin.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lygygin.com

IN A
DNS

qexyryl.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qexyryl.com

IN A

Response
DNS

gaqycos.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gaqycos.com

IN A

Response
DNS

vofygum.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vofygum.com

IN A

Response
DNS

puzywel.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puzywel.com

IN A

Response
DNS

puzywel.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puzywel.com

IN A
DNS

lymyxid.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lymyxid.com

IN A

Response

lymyxid.com

IN A

3.94.10.34
DNS

qedyfyq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qedyfyq.com

IN A

Response
DNS

galyqaz.com

svchost.exe

Remote address:

8.8.8.8:53

Request

galyqaz.com

IN A

Response

galyqaz.com

IN A

199.191.50.83
DNS

vonyzuf.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vonyzuf.com

IN A

Response
DNS

lyvyxor.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyvyxor.com

IN A

Response
DNS

qetyfuv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qetyfuv.com

IN A

Response

qetyfuv.com

IN A

44.221.84.105
DNS

gahyqah.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gahyqah.com

IN A

Response

gahyqah.com

IN A

23.253.46.64

gahyqah.com

IN A

162.255.119.102
DNS

gahyqah.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gahyqah.com

IN A
DNS

vocyzit.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vocyzit.com

IN A

Response

vocyzit.com

IN A

44.221.84.105
DNS

purydyv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

purydyv.com

IN A

Response
DNS

lygymoj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lygymoj.com

IN A

Response
DNS

qexylup.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qexylup.com

IN A

Response
DNS

gaqydeb.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gaqydeb.com

IN A

Response
DNS

vofymik.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vofymik.com

IN A

Response
DNS

puzylyp.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puzylyp.com

IN A

Response

puzylyp.com

IN A

99.83.170.3

puzylyp.com

IN A

75.2.71.199
DNS

lymysan.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lymysan.com

IN A

Response
DNS

qedynul.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qedynul.com

IN A

Response
DNS

galykes.com

svchost.exe

Remote address:

8.8.8.8:53

Request

galykes.com

IN A

Response
DNS

vonypom.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vonypom.com

IN A

Response

vonypom.com

IN A

34.227.7.138
DNS

pupybul.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pupybul.com

IN A

Response
DNS

pupybul.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pupybul.com

IN A
DNS

lykyjad.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lykyjad.com

IN A

Response
DNS

qebytiq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qebytiq.com

IN A

Response
DNS

qebytiq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qebytiq.com

IN A
DNS

gatyvyz.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gatyvyz.com

IN A

Response
DNS

vojyjof.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vojyjof.com

IN A

Response
DNS

puvytuq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puvytuq.com

IN A

Response
DNS

lyryvex.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyryvex.com

IN A

Response
DNS

qegyhig.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qegyhig.com

IN A

Response

qegyhig.com

IN A

172.67.173.131

qegyhig.com

IN A

104.21.30.183
DNS

gacyryw.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gacyryw.com

IN A

Response
DNS

vowycac.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vowycac.com

IN A

Response
DNS

pufygug.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pufygug.com

IN A

Response
DNS

lyxywer.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyxywer.com

IN A

Response
DNS

qeqyxov.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qeqyxov.com

IN A

Response
DNS

gadyfuh.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gadyfuh.com

IN A

Response
DNS

volyqat.com

svchost.exe

Remote address:

8.8.8.8:53

Request

volyqat.com

IN A

Response
DNS

pumyxiv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pumyxiv.com

IN A

Response
DNS

lysyfyj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lysyfyj.com

IN A

Response
DNS

qekyqop.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qekyqop.com

IN A

Response
GET

http://galyqaz.com/login.php

svchost.exe

Remote address:

199.191.50.83:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galyqaz.com

Response

HTTP/1.1 302 Found

Date: Wed, 01 Jan 2025 03:29:47 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
Location: //ww8.galyqaz.com
Content-Length: 0
Content-Type: text/html; charset=UTF-8
GET

http://galyqaz.com/login.php

svchost.exe

Remote address:

199.191.50.83:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galyqaz.com

Response

HTTP/1.1 200 OK

Date: Wed, 01 Jan 2025 03:29:53 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw==
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

http://vonypom.com/login.php

svchost.exe

Remote address:

34.227.7.138:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vonypom.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 01 Jan 2025 03:29:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1e1eeaeb6373c7c7cb78c65fa63c771c|181.215.176.83|1735702187|1735702187|0|1|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://qegyhig.com/login.php

svchost.exe

Remote address:

172.67.173.131:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com

Response

HTTP/1.1 301 Moved Permanently

Date: Wed, 01 Jan 2025 03:29:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://qegyhig.com/login.php
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o6KDkul9LxUmYG1aNB8EVk%2BX8O2J7f2rGjkD77c0Zj2dIpv071GdlUltfH6NzkQNB4zZPcRtX%2FXoDl5wuvQBnPPMB3psGum8O2nSCUIpCKukxIfRWSVSthwKg527Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8faf6d5ad96c3db2-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=0&min_rtt=4294967295&rtt_var=750000&sent=1&recv=2&lost=0&retrans=1&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET

http://qegyhig.com/login.php

svchost.exe

Remote address:

172.67.173.131:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com

Response

HTTP/1.1 301 Moved Permanently

Date: Wed, 01 Jan 2025 03:29:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://qegyhig.com/login.php
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TaPTPYVq1Lp7S8yE5Ac%2FaBByc2t07GEYQ6KD6flREfLw8NBK4Hfeu4Qaid7pCKTvPPOyahvFjAMZGACJFnnJEg9%2Bky2EE%2F3LuBnVHwO81LPpxqGzotQjBvCj8P6H6A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8faf6d702b953db2-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=65555&min_rtt=65494&rtt_var=32777&sent=4&recv=4&lost=0&retrans=1&sent_bytes=997&recv_bytes=486&delivery_rate=41400&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET

http://qetyfuv.com/login.php

svchost.exe

Remote address:

44.221.84.105:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qetyfuv.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 01 Jan 2025 03:29:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ba4057df76623298d4e05da2a96139eb|181.215.176.83|1735702188|1735702188|0|1|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://lymyxid.com/login.php

svchost.exe

Remote address:

3.94.10.34:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lymyxid.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 01 Jan 2025 03:29:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0bab7ebae3fad44fb909a60245bac1e9|181.215.176.83|1735702190|1735702190|0|1|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://vocyzit.com/login.php

svchost.exe

Remote address:

44.221.84.105:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vocyzit.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 01 Jan 2025 03:29:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0a52ef98a96d262de69194f9b7be09d4|181.215.176.83|1735702190|1735702190|0|1|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://puzylyp.com/login.php

svchost.exe

Remote address:

99.83.170.3:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: puzylyp.com

Response

HTTP/1.1 308 Permanent Redirect

Connection: close
Location: https://puzylyp.com/login.php
Server: Caddy
Date: Wed, 01 Jan 2025 03:29:53 GMT
Content-Length: 0
DNS

lysyfyj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lysyfyj.com

IN A

Response
GET

http://gadyniw.com/login.php

svchost.exe

Remote address:

154.212.231.82:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadyniw.com

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 01 Jan 2025 03:29:47 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
GET

http://gadyniw.com/login.php

svchost.exe

Remote address:

154.212.231.82:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadyniw.com

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 01 Jan 2025 03:29:49 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
DNS

lyvyxor.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyvyxor.com

IN A

Response
DNS

ww8.galyqaz.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ww8.galyqaz.com

IN A

Response

ww8.galyqaz.com

IN CNAME

deliver.trafficmotor.com

deliver.trafficmotor.com

IN A

198.58.118.167

deliver.trafficmotor.com

IN A

45.33.23.183

deliver.trafficmotor.com

IN A

96.126.123.244

deliver.trafficmotor.com

IN A

45.33.20.235

deliver.trafficmotor.com

IN A

45.33.30.197

deliver.trafficmotor.com

IN A

45.33.18.44

deliver.trafficmotor.com

IN A

45.79.19.196

deliver.trafficmotor.com

IN A

72.14.178.174

deliver.trafficmotor.com

IN A

45.33.2.79

deliver.trafficmotor.com

IN A

45.56.79.23

deliver.trafficmotor.com

IN A

173.255.194.134

deliver.trafficmotor.com

IN A

72.14.185.43
GET

http://ww8.galyqaz.com/

svchost.exe

Remote address:

198.58.118.167:80

Request

GET / HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Connection: Keep-Alive
Host: ww8.galyqaz.com

Response

HTTP/1.1 403 Forbidden

server: openresty/1.13.6.1
date: Wed, 01 Jan 2025 03:29:49 GMT
content-type: text/html
content-length: 577
x-fail-reason: Bad Actor
connection: close
GET

https://qegyhig.com/login.php

svchost.exe

Remote address:

172.67.173.131:443

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Connection: Keep-Alive
Host: qegyhig.com

Response

HTTP/1.1 404 Not Found

Date: Wed, 01 Jan 2025 03:29:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F78gIaREsYJeZjI5Cm5%2F8Ryd8FHkVLlKSrAqhIlwi%2BrjcQlsA2QwesRQfBU%2Fbwdy3rKNjp%2FYjiGpZKyGD5MyEu3qHcsEOXx7EVbdOm1RZc3J1N86CT%2Ftki7gOWcj5w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8faf6d6d3fce48bc-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=70413&min_rtt=61429&rtt_var=32876&sent=7&recv=7&lost=0&retrans=1&sent_bytes=3181&recv_bytes=584&delivery_rate=40654&cwnd=253&unsent_bytes=0&cid=33b189dad6a69aae&ts=2965&x=0"
DNS

c.pki.goog

svchost.exe

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.179.67
DNS

c.pki.goog

svchost.exe

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A
GET

http://gatyfus.com/login.php

svchost.exe

Remote address:

5.79.71.225:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyfus.com
GET

http://c.pki.goog/r/gsr1.crl

svchost.exe

Remote address:

142.250.179.67:80

Request

GET /r/gsr1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1739
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 01 Jan 2025 02:45:53 GMT
Expires: Wed, 01 Jan 2025 03:35:53 GMT
Cache-Control: public, max-age=3000
Age: 2638
Last-Modified: Mon, 07 Oct 2024 07:18:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r4.crl

svchost.exe

Remote address:

142.250.179.67:80

Request

GET /r/r4.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 436
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 01 Jan 2025 03:15:08 GMT
Expires: Wed, 01 Jan 2025 04:05:08 GMT
Cache-Control: public, max-age=3000
Age: 883
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

https://qegyhig.com/login.php

svchost.exe

Remote address:

172.67.173.131:443

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Connection: Keep-Alive
Host: qegyhig.com

Response

HTTP/1.1 404 Not Found

Date: Wed, 01 Jan 2025 03:29:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SqmQlfBsXiNC%2BJ48KfAUGKHL2yPvOBaNiAxgpim3SWFhCGaXap%2FbkijuFhzE41COJnZzODPi82a23OoIyBTMLewcNr4gegkb9AMMUffC%2B1%2FZ6BafajrAybJl%2F%2F2RZA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8faf6d730c507783-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=65621&min_rtt=61798&rtt_var=16357&sent=6&recv=6&lost=0&retrans=0&sent_bytes=3129&recv_bytes=616&delivery_rate=58358&cwnd=246&unsent_bytes=0&cid=56c723fa02134daa&ts=540&x=0"
GET

http://puzylyp.com/login.php

svchost.exe

Remote address:

99.83.170.3:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: puzylyp.com

Response

HTTP/1.1 308 Permanent Redirect

Connection: close
Location: https://puzylyp.com/login.php
Server: Caddy
Date: Wed, 01 Jan 2025 03:29:53 GMT
Content-Length: 0
GET

http://gahyqah.com/login.php

svchost.exe

Remote address:

162.255.119.102:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gahyqah.com

Response

HTTP/1.1 302 Found

Date: Wed, 01 Jan 2025 03:30:09 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 55
Connection: keep-alive
Location: http://www.gahyqah.com/login.php
X-Served-By: Namecheap URL Forward
Server: namecheap-nginx
DNS

www.gahyqah.com

svchost.exe

Remote address:

8.8.8.8:53

Request

www.gahyqah.com

IN A

Response

www.gahyqah.com

IN CNAME

parkingpage.namecheap.com

parkingpage.namecheap.com

IN A

91.195.240.19
GET

http://www.gahyqah.com/login.php

svchost.exe

Remote address:

91.195.240.19:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Connection: Keep-Alive
Host: www.gahyqah.com

Response

HTTP/1.1 200 OK

date: Wed, 01 Jan 2025 03:30:09 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==
last-modified: Wed, 01 Jan 2025 03:30:09 GMT
x-cache-miss-from: parking-7df97dc48-8ltqc
server: Parking/1.0
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144
GET

http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

Remote address:

95.100.245.144:80

Request

GET /pkiops/crl/MicCodSigPCA2011_2011-07-08.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 18 Aug 2024 00:23:49 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 1078
Content-Type: application/octet-stream
Content-MD5: PjrtHAukbJio72s77Ag5mA==
Last-Modified: Thu, 31 Oct 2024 23:26:09 GMT
ETag: 0x8DCFA0366D6C4CA
x-ms-request-id: 7ca9c103-d01e-0016-3fee-2ba13d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 01 Jan 2025 03:30:21 GMT
Connection: keep-alive
TLS_version: UNKNOWN
ms-cv: CASMicrosoftCV98c2f67d.0
ms-cv-esi: CASMicrosoftCV98c2f67d.0
X-RTag: RT
DNS

crl.microsoft.com

Remote address:

8.8.8.8:53

Request

crl.microsoft.com

IN A

Response

crl.microsoft.com

IN CNAME

crl.www.ms.akadns.net

crl.www.ms.akadns.net

IN CNAME

a1363.dscg.akamai.net

a1363.dscg.akamai.net

IN A

2.18.190.73

a1363.dscg.akamai.net

IN A

2.18.190.80
GET

http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

Remote address:

2.18.190.73:80

Request

GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 26 Sep 2024 02:21:11 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 1036
Content-Type: application/octet-stream
Content-MD5: +oTkvMkqpdtzWrUHEQQM3g==
Last-Modified: Thu, 12 Dec 2024 00:06:56 GMT
ETag: 0x8DD1A40E476D877
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 53f572a3-201e-003d-2d33-4c21f1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 01 Jan 2025 03:30:21 GMT
Connection: keep-alive
GET

http://gatyfus.com/login.php

svchost.exe

Remote address:

5.79.71.205:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyfus.com
DNS

pupydeq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pupydeq.com

IN A

Response

pupydeq.com

IN A

76.223.54.146

pupydeq.com

IN A

13.248.169.48
DNS

gadyveb.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gadyveb.com

IN A

Response
DNS

volyjok.com

svchost.exe

Remote address:

8.8.8.8:53

Request

volyjok.com

IN A

Response
DNS

pumytup.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pumytup.com

IN A

Response
DNS

qekyhil.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qekyhil.com

IN A

Response
DNS

ganyrys.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ganyrys.com

IN A

Response
DNS

lysyvan.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lysyvan.com

IN A

Response

lysyvan.com

IN A

104.21.112.1

lysyvan.com

IN A

104.21.48.1

lysyvan.com

IN A

104.21.32.1

lysyvan.com

IN A

104.21.64.1

lysyvan.com

IN A

104.21.96.1

lysyvan.com

IN A

104.21.80.1

lysyvan.com

IN A

104.21.16.1
DNS

vopycom.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vopycom.com

IN A

Response
DNS

pujygul.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pujygul.com

IN A

Response
DNS

lyvywed.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyvywed.com

IN A

Response
DNS

qetyxiq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qetyxiq.com

IN A

Response
DNS

gahyfyz.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gahyfyz.com

IN A

Response
DNS

vocyqaf.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vocyqaf.com

IN A

Response
DNS

puryxuq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puryxuq.com

IN A

Response
DNS

qexyqog.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qexyqog.com

IN A

Response
DNS

gaqyzuw.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gaqyzuw.com

IN A

Response
DNS

vofydac.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vofydac.com

IN A

Response
DNS

ganyzub.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ganyzub.com

IN A

Response
DNS

vopydek.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vopydek.com

IN A

Response
DNS

puzymig.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puzymig.com

IN A

Response
DNS

pujymip.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pujymip.com

IN A

Response
DNS

lymylyr.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lymylyr.com

IN A

Response
DNS

lykymox.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lykymox.com

IN A

Response
DNS

qetysal.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qetysal.com

IN A

Response
DNS

qebylug.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qebylug.com

IN A

Response
DNS

gahynus.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gahynus.com

IN A

Response
DNS

vojymic.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vojymic.com

IN A

Response
DNS

vocykem.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vocykem.com

IN A

Response
DNS

puvylyg.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puvylyg.com

IN A

Response
DNS

purypol.com

svchost.exe

Remote address:

8.8.8.8:53

Request

purypol.com

IN A

Response
DNS

lyrysor.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyrysor.com

IN A

Response

lyrysor.com

IN CNAME

zz1985.qu200.com

zz1985.qu200.com

IN CNAME

gtm-sg-6l13ukk0m05.qu200.com

gtm-sg-6l13ukk0m05.qu200.com

IN A

61.158.134.198
DNS

lygynud.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lygynud.com

IN A

Response

lygynud.com

IN A

3.94.10.34
DNS

qegynuv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qegynuv.com

IN A

Response
DNS

gaqypiz.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gaqypiz.com

IN A

Response
DNS

gacykeh.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gacykeh.com

IN A

Response
DNS

vofybyf.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vofybyf.com

IN A

Response
DNS

vowypit.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vowypit.com

IN A

Response
DNS

puzyjoq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puzyjoq.com

IN A

Response
DNS

gatydaw.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gatydaw.com

IN A

Response
DNS

lymytux.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lymytux.com

IN A

Response
DNS

lyxyjaj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyxyjaj.com

IN A

Response
DNS

qedyveg.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qedyveg.com

IN A

Response
DNS

galyhiw.com

svchost.exe

Remote address:

8.8.8.8:53

Request

galyhiw.com

IN A

Response
DNS

vonyryc.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vonyryc.com

IN A

Response
DNS

pupycag.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pupycag.com

IN A

Response

pupycag.com

IN A

34.227.7.138
DNS

lykygur.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lykygur.com

IN A

Response
DNS

qebyrev.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qebyrev.com

IN A

Response
DNS

gatycoh.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gatycoh.com

IN A

Response
DNS

vojygut.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vojygut.com

IN A

Response
DNS

puvywav.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puvywav.com

IN A

Response
DNS

lyryxij.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyryxij.com

IN A

Response
DNS

gacyqob.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gacyqob.com

IN A

Response
DNS

lygyfex.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lygyfex.com

IN A

Response
DNS

vowyzuk.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vowyzuk.com

IN A

Response
DNS

pufydep.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pufydep.com

IN A

Response
DNS

lyxymin.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyxymin.com

IN A

Response
DNS

qeqylyl.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qeqylyl.com

IN A

Response
DNS

gadydas.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gadydas.com

IN A

Response
DNS

volymum.com

svchost.exe

Remote address:

8.8.8.8:53

Request

volymum.com

IN A

Response
DNS

lyvylyn.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyvylyn.com

IN A

Response
DNS

qexykaq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qexykaq.com

IN A

Response
DNS

qegyfyp.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qegyfyp.com

IN A

Response
DNS

pufybyv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pufybyv.com

IN A

Response
GET

http://pupydeq.com/login.php

svchost.exe

Remote address:

76.223.54.146:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: pupydeq.com

Response

HTTP/1.1 500 Internal Server Error

content-length: 97
cache-control: no-cache
content-type: text/html
GET

http://pupydeq.com/login.php

svchost.exe

Remote address:

76.223.54.146:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: pupydeq.com

Response

HTTP/1.1 500 Internal Server Error

content-length: 97
cache-control: no-cache
content-type: text/html
GET

http://lysyvan.com/login.php

svchost.exe

Remote address:

104.21.112.1:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lysyvan.com

Response

HTTP/1.1 301 Moved Permanently

Date: Wed, 01 Jan 2025 03:31:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://lysyvan.com/login.php
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yCGbysjU2ZwhpiODFdH8yp9iHmMLwnhxzodxdVx5sAwxBKOXSB1G8As262dOydRFmZE%2BTrIgXkBkARAQ9rlOOZ3ClVhQ%2F25GrfD2EALS3TNOsJ26u6kn2NvxyyBGww%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8faf6f9cae87ef45-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=59337&min_rtt=59337&rtt_var=29668&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=178&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET

http://lysyvan.com/login.php

svchost.exe

Remote address:

104.21.112.1:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lysyvan.com

Response

HTTP/1.1 301 Moved Permanently

Date: Wed, 01 Jan 2025 03:31:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://lysyvan.com/login.php
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yb9Rtp3SgcN7BUIJdCtbEckhifxGl7wvxljTTf%2Fs26pZtU%2BYy6W3Zy5hgegWkOaiVxfTIwkCbGmaN8PURmrOtk6mNjfYbucvqsOi0aIvz05k%2Fu4%2Bzrs1Iqg99QlM0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8faf6fa3386def45-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=84977&min_rtt=59337&rtt_var=67949&sent=5&recv=6&lost=0&retrans=0&sent_bytes=995&recv_bytes=486&delivery_rate=45484&cwnd=181&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET

http://pupycag.com/login.php

svchost.exe

Remote address:

34.227.7.138:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: pupycag.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 01 Jan 2025 03:31:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bb5d330c8e92ad5e1ac048129a0d64d6|181.215.176.83|1735702281|1735702281|0|1|0; path=/; domain=.pupycag.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://lygynud.com/login.php

svchost.exe

Remote address:

3.94.10.34:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lygynud.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 01 Jan 2025 03:31:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4a5f5fdd28a8e56c3b8d7d615c5ece1d|181.215.176.83|1735702282|1735702282|0|1|0; path=/; domain=.lygynud.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

https://lysyvan.com/login.php

svchost.exe

Remote address:

104.21.112.1:443

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Connection: Keep-Alive
Host: lysyvan.com

Response

HTTP/1.1 404 Not Found

Date: Wed, 01 Jan 2025 03:31:22 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
server-timing: amp_sanitizer;dur="32.8",amp_style_sanitizer;dur="16.4",amp_tag_and_attribute_sanitizer;dur="10.0",amp_optimizer;dur="4.8"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KtsRg32iqHHV0Nbamvvn%2BElQij2FzMDyQGEIU3YYVzNjHdkwvBrcOntpwwC244XqObNbDD%2FHbjUcNUMU1aSTs25cRHVAIyi%2BIxd6%2F%2FfMK6LJB3wjz7vw5n9DH%2BZM%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8faf6f9fc878957e-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=66377&min_rtt=59499&rtt_var=25800&sent=6&recv=6&lost=0&retrans=0&sent_bytes=3128&recv_bytes=584&delivery_rate=60982&cwnd=244&unsent_bytes=0&cid=3fcff8f0b84a5711&ts=660&x=0"
GET

https://lysyvan.com/login.php

svchost.exe

Remote address:

104.21.112.1:443

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Connection: Keep-Alive
Host: lysyvan.com

Response

HTTP/1.1 404 Not Found

Date: Wed, 01 Jan 2025 03:31:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
server-timing: amp_sanitizer;dur="67.6",amp_style_sanitizer;dur="36.6",amp_tag_and_attribute_sanitizer;dur="27.9",amp_optimizer;dur="7.9"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uoBU04k1EpyeZF%2FqhP7bIGeIC7eEZIqPYE4nvePrsFI0ZWLQILROgCV9zwQ5l5cpBU61a0aSJzLQVNb9bpOLFiTjJBn5Q5o6GZWoV4Avqw0VqzxkzCsRY09%2BC44PEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8faf6fa58e629485-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=59193&min_rtt=59121&rtt_var=22315&sent=3&recv=5&lost=0&retrans=0&sent_bytes=143&recv_bytes=541&delivery_rate=22730&cwnd=250&unsent_bytes=0&cid=4894e36f95f0e0a3&ts=545&x=0"
DNS

pumylel.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pumylel.com

IN A

Response
DNS

lysysod.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lysysod.com

IN A

Response
DNS

qekynuq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qekynuq.com

IN A

Response
DNS

vopypif.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vopypif.com

IN A

Response
DNS

ganykaz.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ganykaz.com

IN A

Response
DNS

gahyvew.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gahyvew.com

IN A

Response
DNS

qetytug.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qetytug.com

IN A

Response
DNS

lyvyjox.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyvyjox.com

IN A

Response
DNS

pujybyq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pujybyq.com

IN A

Response
DNS

vocyjic.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vocyjic.com

IN A

Response
DNS

purytyg.com

svchost.exe

Remote address:

8.8.8.8:53

Request

purytyg.com

IN A

Response
DNS

qexyhuv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qexyhuv.com

IN A

Response
DNS

gaqyreh.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gaqyreh.com

IN A

Response
DNS

lygyvar.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lygyvar.com

IN A

Response
DNS

vofycot.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vofycot.com

IN A

Response

vofycot.com

IN A

103.224.182.252
DNS

galyfyb.com

svchost.exe

Remote address:

8.8.8.8:53

Request

galyfyb.com

IN A

Response
DNS

vonyqok.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vonyqok.com

IN A

Response
DNS

qeqyreq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qeqyreq.com

IN A

Response
DNS

gadyciz.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gadyciz.com

IN A

Response

gadyciz.com

IN A

44.221.84.105
DNS

volygyf.com

svchost.exe

Remote address:

8.8.8.8:53

Request

volygyf.com

IN A

Response
DNS

lykyfen.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lykyfen.com

IN A

Response
DNS

pumywaq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pumywaq.com

IN A

Response
DNS

qebyqil.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qebyqil.com

IN A

Response
DNS

lysyxux.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lysyxux.com

IN A

Response
DNS

qekyfeg.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qekyfeg.com

IN A

Response
DNS

puzyguv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puzyguv.com

IN A

Response
DNS

ganyqow.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ganyqow.com

IN A

Response
DNS

gatyzys.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gatyzys.com

IN A

Response
DNS

pujydag.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pujydag.com

IN A

Response
DNS

vopyzuc.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vopyzuc.com

IN A

Response
DNS

puvymul.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puvymul.com

IN A

Response
DNS

lyvymir.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyvymir.com

IN A

Response
DNS

lyryled.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyryled.com

IN A

Response
DNS

qetylyv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qetylyv.com

IN A

Response
DNS

gahydoh.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gahydoh.com

IN A

Response
DNS

gacynuz.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gacynuz.com

IN A

Response
DNS

vocymut.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vocymut.com

IN A

Response
DNS

vowykaf.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vowykaf.com

IN A

Response
DNS

purylev.com

svchost.exe

Remote address:

8.8.8.8:53

Request

purylev.com

IN A

Response
DNS

lygysij.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lygysij.com

IN A

Response
DNS

qexynyp.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qexynyp.com

IN A

Response
DNS

lyxynyx.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyxynyx.com

IN A

Response

lyxynyx.com

IN CNAME

expired.namebright.com

expired.namebright.com

IN CNAME

cdl-lb-1356093980.us-east-1.elb.amazonaws.com

cdl-lb-1356093980.us-east-1.elb.amazonaws.com

IN A

54.205.192.227

cdl-lb-1356093980.us-east-1.elb.amazonaws.com

IN A

23.23.66.93
DNS

gaqykab.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gaqykab.com

IN A

Response
DNS

galynuh.com

svchost.exe

Remote address:

8.8.8.8:53

Request

galynuh.com

IN A

Response

galynuh.com

IN A

64.225.91.73
DNS

qedyxip.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qedyxip.com

IN A

Response
DNS

pupypiv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pupypiv.com

IN A

Response
DNS

lykynyj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lykynyj.com

IN A

Response
DNS

pupyxup.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pupyxup.com

IN A

Response
DNS

gatypub.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gatypub.com

IN A

Response
DNS

puvyjop.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puvyjop.com

IN A

Response
DNS

lymywaj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lymywaj.com

IN A

Response
DNS

vojydam.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vojydam.com

IN A

Response
DNS

qegyval.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qegyval.com

IN A

Response

qegyval.com

IN A

154.85.183.50
DNS

qedysov.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qedysov.com

IN A

Response
DNS

vonyket.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vonyket.com

IN A

Response
DNS

gacyhis.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gacyhis.com

IN A

Response
DNS

qebykap.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qebykap.com

IN A

Response
DNS

qegysoq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qegysoq.com

IN A

Response
DNS

vowyrym.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vowyrym.com

IN A

Response
DNS

pufycol.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pufycol.com

IN A

Response
DNS

lyxygud.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyxygud.com

IN A

Response
DNS

vojybek.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vojybek.com

IN A

Response
DNS

pufypiq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pufypiq.com

IN A

Response
DNS

lyrytun.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyrytun.com

IN A

Response
GET

http://gadyciz.com/login.php

svchost.exe

Remote address:

44.221.84.105:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadyciz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 01 Jan 2025 03:32:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c04fc3c888d979089f408aaebf79204f|181.215.176.83|1735702324|1735702324|0|1|0; path=/; domain=.gadyciz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://vofycot.com/login.php

svchost.exe

Remote address:

103.224.182.252:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vofycot.com

Response

HTTP/1.1 302 Found

date: Wed, 01 Jan 2025 03:32:04 GMT
server: Apache
set-cookie: __tad=1735702324.7846981; expires=Sat, 30-Dec-2034 03:32:04 GMT; Max-Age=315360000
location: http://ww16.vofycot.com/login.php?sub1=20250101-1432-0462-b296-396852409b8c
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
GET

http://galynuh.com/login.php

svchost.exe

Remote address:

64.225.91.73:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galynuh.com

Response

HTTP/1.1 200 OK

server: nginx/1.18.0 (Ubuntu)
date: Wed, 01 Jan 2025 03:32:04 GMT
content-type: text/html
content-length: 593
last-modified: Wed, 22 Feb 2023 21:25:52 GMT
etag: "63f68860-251"
accept-ranges: bytes
GET

http://lyxynyx.com/login.php

svchost.exe

Remote address:

54.205.192.227:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyxynyx.com

Response

HTTP/1.1 200 OK

Date: Wed, 01 Jan 2025 03:32:04 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
GET

http://qegyval.com/login.php

svchost.exe

Remote address:

154.85.183.50:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyval.com

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 01 Jan 2025 03:32:04 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
ETag: "663ee226-8a"
GET

http://qegyval.com/login.php

svchost.exe

Remote address:

154.85.183.50:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyval.com

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Wed, 01 Jan 2025 03:32:04 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
ETag: "663ee226-8a"
DNS

ww16.vofycot.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ww16.vofycot.com

IN A

Response

ww16.vofycot.com

IN CNAME

www.sedoparking.com

www.sedoparking.com

IN A

64.190.63.136
GET

http://ww16.vofycot.com/login.php?sub1=20250101-1432-0462-b296-396852409b8c

svchost.exe

Remote address:

64.190.63.136:80

Request

GET /login.php?sub1=20250101-1432-0462-b296-396852409b8c HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Connection: Keep-Alive
Host: ww16.vofycot.com
Cookie: __tad=1735702324.7846981

Response

HTTP/1.1 200 OK

date: Wed, 01 Jan 2025 03:32:04 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_F0sLOQMIyteK/+U1F/iFE+faR0vdkPd+if0M2CA/7rodmaYQ/n/R0WFlkAJO7vMtW2KrUBw3os+iBt51Ja4L6g==
last-modified: Wed, 01 Jan 2025 03:32:04 GMT
x-cache-miss-from: parking-7df97dc48-2lp8z
server: Parking/1.0
DNS

qeqykog.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qeqykog.com

IN A

Response
DNS

pumyjig.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pumyjig.com

IN A

Response
DNS

lysytyr.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lysytyr.com

IN A

Response
DNS

qekyvav.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qekyvav.com

IN A

Response
DNS

ganyhuh.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ganyhuh.com

IN A

Response
DNS

gadypuw.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gadypuw.com

IN A

Response
DNS

vopyret.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vopyret.com

IN A

Response
DNS

pujycov.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pujycov.com

IN A

Response
DNS

lyvyguj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyvyguj.com

IN A

Response
DNS

volybec.com

svchost.exe

Remote address:

8.8.8.8:53

Request

volybec.com

IN A

Response
DNS

qetyrap.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qetyrap.com

IN A

Response
DNS

gahycib.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gahycib.com

IN A

Response
DNS

vocygyk.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vocygyk.com

IN A

Response
DNS

purywop.com

svchost.exe

Remote address:

8.8.8.8:53

Request

purywop.com

IN A

Response
DNS

lygyxun.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lygyxun.com

IN A

Response
DNS

qexyfel.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qexyfel.com

IN A

Response
DNS

gaqyqis.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gaqyqis.com

IN A

Response
DNS

vofyzym.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vofyzym.com

IN A

Response
DNS

puzydal.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puzydal.com

IN A

Response
DNS

lymymud.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lymymud.com

IN A

Response
DNS

qedyleq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qedyleq.com

IN A

Response
DNS

galydoz.com

svchost.exe

Remote address:

8.8.8.8:53

Request

galydoz.com

IN A

Response
DNS

vonymuf.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vonymuf.com

IN A

Response
DNS

pupylaq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pupylaq.com

IN A

Response
DNS

lykysix.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lykysix.com

IN A

Response
DNS

qebynyg.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qebynyg.com

IN A

Response
DNS

gatykow.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gatykow.com

IN A

Response
DNS

vojypuc.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vojypuc.com

IN A

Response
DNS

puvybeg.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puvybeg.com

IN A

Response
DNS

lyryjir.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyryjir.com

IN A

Response
DNS

qegytyv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qegytyv.com

IN A

Response
DNS

gacyvah.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gacyvah.com

IN A

Response
DNS

vofypuk.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vofypuk.com

IN A

Response
DNS

puzybep.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puzybep.com

IN A

Response
DNS

lymyjon.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lymyjon.com

IN A

Response
DNS

qedytul.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qedytul.com

IN A

Response
DNS

galyvas.com

svchost.exe

Remote address:

8.8.8.8:53

Request

galyvas.com

IN A

Response
DNS

vonyjim.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vonyjim.com

IN A

Response
DNS

pupytyl.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pupytyl.com

IN A

Response
DNS

lykyvod.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lykyvod.com

IN A

Response
DNS

qebyhuq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qebyhuq.com

IN A

Response
DNS

gatyrez.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gatyrez.com

IN A

Response
DNS

vojycif.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vojycif.com

IN A

Response
DNS

puvygyq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puvygyq.com

IN A

Response
DNS

lyrywax.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyrywax.com

IN A

Response
DNS

qegyxug.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qegyxug.com

IN A

Response
DNS

gacyfew.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gacyfew.com

IN A

Response
DNS

vowyqoc.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vowyqoc.com

IN A

Response
DNS

pufyxug.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pufyxug.com

IN A

Response
DNS

lyxyfar.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyxyfar.com

IN A

Response
DNS

qeqyqiv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qeqyqiv.com

IN A

Response
DNS

gadyzyh.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gadyzyh.com

IN A

Response
DNS

volydot.com

svchost.exe

Remote address:

8.8.8.8:53

Request

volydot.com

IN A

Response
DNS

pumymuv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pumymuv.com

IN A

Response
DNS

lysylej.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lysylej.com

IN A

Response
DNS

qekysip.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qekysip.com

IN A

Response
DNS

ganynyb.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ganynyb.com

IN A

Response
DNS

pujypup.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pujypup.com

IN A

Response
DNS

lyvynen.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyvynen.com

IN A

Response
DNS

vopykak.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vopykak.com

IN A

Response
DNS

qetykol.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qetykol.com

IN A

Response
DNS

gahypus.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gahypus.com

IN A

Response
DNS

vocybam.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vocybam.com

IN A

Response
DNS

puryjil.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puryjil.com

IN A

Response
DNS

vopyqim.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vopyqim.com

IN A

Response
DNS

pujyxyl.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pujyxyl.com

IN A

Response
DNS

lyvyfad.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyvyfad.com

IN A

Response
DNS

qetyquq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qetyquq.com

IN A

Response
DNS

gahyzez.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gahyzez.com

IN A

Response
DNS

vocydof.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vocydof.com

IN A

Response
DNS

lygylax.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lygylax.com

IN A

Response
DNS

purymuq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

purymuq.com

IN A

Response
DNS

qexysig.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qexysig.com

IN A

Response
DNS

gaqynyw.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gaqynyw.com

IN A

Response
DNS

lymyner.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lymyner.com

IN A

Response
DNS

vofykoc.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vofykoc.com

IN A

Response
DNS

puzypug.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puzypug.com

IN A

Response
DNS

qedykiv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qedykiv.com

IN A

Response
DNS

galypyh.com

svchost.exe

Remote address:

8.8.8.8:53

Request

galypyh.com

IN A

Response
DNS

vonybat.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vonybat.com

IN A

Response
DNS

pupyjuv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pupyjuv.com

IN A

Response
DNS

lykytej.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lykytej.com

IN A

Response
DNS

qebyvop.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qebyvop.com

IN A

Response
DNS

gatyhub.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gatyhub.com

IN A

Response
DNS

vojyrak.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vojyrak.com

IN A

Response
DNS

puvycip.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puvycip.com

IN A

Response
DNS

vowyjut.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vowyjut.com

IN A

Response
DNS

lyxyvoj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyxyvoj.com

IN A

Response
DNS

pufytev.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pufytev.com

IN A

Response
DNS

gadyrab.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gadyrab.com

IN A

Response
DNS

qeqyhup.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qeqyhup.com

IN A

Response
DNS

pumygyp.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pumygyp.com

IN A

Response
DNS

volycik.com

svchost.exe

Remote address:

8.8.8.8:53

Request

volycik.com

IN A

Response
DNS

lysywon.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lysywon.com

IN A

Response
DNS

ganyfes.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ganyfes.com

IN A

Response
DNS

lygytyd.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lygytyd.com

IN A

Response
DNS

qexyvoq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qexyvoq.com

IN A

Response
DNS

gaqyhuz.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gaqyhuz.com

IN A

Response
DNS

puzyciq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puzyciq.com

IN A

Response
DNS

vofyref.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vofyref.com

IN A

Response
DNS

lymygyx.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lymygyx.com

IN A

Response
DNS

qedyrag.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qedyrag.com

IN A

Response
DNS

galycuw.com

svchost.exe

Remote address:

8.8.8.8:53

Request

galycuw.com

IN A

Response
DNS

vonygec.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vonygec.com

IN A

Response
DNS

pupywog.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pupywog.com

IN A

Response
DNS

lykyxur.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lykyxur.com

IN A

Response
DNS

qebyfav.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qebyfav.com

IN A

Response
DNS

gatyqih.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gatyqih.com

IN A

Response
DNS

vojyzyt.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vojyzyt.com

IN A

Response
DNS

puvydov.com

svchost.exe

Remote address:

8.8.8.8:53

Request

puvydov.com

IN A

Response
DNS

qegylep.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qegylep.com

IN A

Response
DNS

gacydib.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gacydib.com

IN A

Response
DNS

vowymyk.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vowymyk.com

IN A

Response
DNS

pufylap.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pufylap.com

IN A

Response
DNS

lyxysun.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyxysun.com

IN A

Response
DNS

qeqynel.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qeqynel.com

IN A

Response
DNS

gadykos.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gadykos.com

IN A

Response
DNS

volypum.com

svchost.exe

Remote address:

8.8.8.8:53

Request

volypum.com

IN A

Response
DNS

pumybal.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pumybal.com

IN A

Response
DNS

lysyjid.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lysyjid.com

IN A

Response
DNS

qekytyq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qekytyq.com

IN A

Response
DNS

ganyvoz.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ganyvoz.com

IN A

Response
DNS

vopyjuf.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vopyjuf.com

IN A

Response
DNS

pujyteq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pujyteq.com

IN A

Response
DNS

lyvyvix.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyvyvix.com

IN A

Response
DNS

qekyxul.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qekyxul.com

IN A

Response
DNS

qetyhyg.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qetyhyg.com

IN A

Response

qetyhyg.com

IN A

64.225.91.73
DNS

lyrymuj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lyrymuj.com

IN A

Response
GET

http://qetyhyg.com/login.php

svchost.exe

Remote address:

64.225.91.73:80

Request

GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qetyhyg.com

Response

HTTP/1.1 200 OK

server: nginx/1.18.0 (Ubuntu)
date: Wed, 01 Jan 2025 03:32:13 GMT
content-type: text/html
content-length: 593
last-modified: Wed, 22 Feb 2023 21:25:52 GMT
etag: "63f68860-251"
accept-ranges: bytes

95.101.143.201:80

www.bing.com

svchost.exe

236 B
92 B
5
2
199.191.50.83:80

http://galyqaz.com/login.php

http

svchost.exe

1.3kB
13.0kB
13
13

HTTP Request

GET http://galyqaz.com/login.php

HTTP Response

302

HTTP Request

GET http://galyqaz.com/login.php

HTTP Response

200
34.227.7.138:80

http://vonypom.com/login.php

http

svchost.exe

611 B
619 B
8
5

HTTP Request

GET http://vonypom.com/login.php

HTTP Response

200
172.67.173.131:80

http://qegyhig.com/login.php

http

svchost.exe

1.5kB
2.4kB
12
10

HTTP Request

GET http://qegyhig.com/login.php

HTTP Response

301

HTTP Request

GET http://qegyhig.com/login.php

HTTP Response

301
44.221.84.105:80

http://qetyfuv.com/login.php

http

svchost.exe

519 B
627 B
6
5

HTTP Request

GET http://qetyfuv.com/login.php

HTTP Response

200
3.94.10.34:80

http://lymyxid.com/login.php

http

svchost.exe

525 B
627 B
6
5

HTTP Request

GET http://lymyxid.com/login.php

HTTP Response

200
44.221.84.105:80

http://vocyzit.com/login.php

http

svchost.exe

571 B
627 B
7
5

HTTP Request

GET http://vocyzit.com/login.php

HTTP Response

200
99.83.170.3:80

http://puzylyp.com/login.php

http

svchost.exe

854 B
418 B
8
6

HTTP Request

GET http://puzylyp.com/login.php

HTTP Response

308
154.212.231.82:80

http://gadyniw.com/login.php

http

svchost.exe

1.3kB
2.4kB
12
7

HTTP Request

GET http://gadyniw.com/login.php

HTTP Response

404

HTTP Request

GET http://gadyniw.com/login.php

HTTP Response

404
23.253.46.64:80

gahyqah.com

svchost.exe

152 B
3
198.58.118.167:80

http://ww8.galyqaz.com/

http

svchost.exe

1.1kB
931 B
8
4

HTTP Request

GET http://ww8.galyqaz.com/

HTTP Response

403
172.67.173.131:443

https://qegyhig.com/login.php

tls, http

svchost.exe

3.9kB
82.0kB
60
70

HTTP Request

GET https://qegyhig.com/login.php

HTTP Response

404
5.79.71.225:80

http://gatyfus.com/login.php

http

svchost.exe

810 B
84 B
7
2

HTTP Request

GET http://gatyfus.com/login.php
142.250.179.67:80

http://c.pki.goog/r/r4.crl

http

svchost.exe

554 B
3.8kB
7
5

HTTP Request

GET http://c.pki.goog/r/gsr1.crl

HTTP Response

200

HTTP Request

GET http://c.pki.goog/r/r4.crl

HTTP Response

200
172.67.173.131:443

https://qegyhig.com/login.php

tls, http

svchost.exe

3.5kB
72.4kB
62
67

HTTP Request

GET https://qegyhig.com/login.php

HTTP Response

404
99.83.170.3:80

http://puzylyp.com/login.php

http

svchost.exe

519 B
418 B
6
6

HTTP Request

GET http://puzylyp.com/login.php

HTTP Response

308
162.255.119.102:80

http://gahyqah.com/login.php

http

svchost.exe

795 B
475 B
12
4

HTTP Request

GET http://gahyqah.com/login.php

HTTP Response

302
91.195.240.19:80

http://www.gahyqah.com/login.php

http

svchost.exe

1.2kB
26.3kB
21
22

HTTP Request

GET http://www.gahyqah.com/login.php

HTTP Response

200
95.100.245.144:80

http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

http

393 B
1.7kB
4
4

HTTP Request

GET http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

HTTP Response

200
2.18.190.73:80

http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

http

399 B
1.7kB
4
4

HTTP Request

GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

HTTP Response

200
5.79.71.225:80

gatyfus.com

svchost.exe

152 B
3
5.79.71.205:80

http://gatyfus.com/login.php

http

svchost.exe

479 B
88 B
5
2

HTTP Request

GET http://gatyfus.com/login.php
76.223.54.146:80

http://pupydeq.com/login.php

http

svchost.exe

854 B
622 B
8
5

HTTP Request

GET http://pupydeq.com/login.php

HTTP Response

500

HTTP Request

GET http://pupydeq.com/login.php

HTTP Response

500
104.21.112.1:80

http://lysyvan.com/login.php

http

svchost.exe

848 B
2.4kB
8
9

HTTP Request

GET http://lysyvan.com/login.php

HTTP Response

301

HTTP Request

GET http://lysyvan.com/login.php

HTTP Response

301
34.227.7.138:80

http://pupycag.com/login.php

http

svchost.exe

473 B
627 B
5
5

HTTP Request

GET http://pupycag.com/login.php

HTTP Response

200
3.94.10.34:80

http://lygynud.com/login.php

http

svchost.exe

473 B
627 B
5
5

HTTP Request

GET http://lygynud.com/login.php

HTTP Response

200
61.158.134.198:80

lyrysor.com

svchost.exe

152 B
3
104.21.112.1:443

https://lysyvan.com/login.php

tls, http

svchost.exe

1.8kB
50.9kB
27
46

HTTP Request

GET https://lysyvan.com/login.php

HTTP Response

404
104.21.112.1:443

https://lysyvan.com/login.php

tls, http

svchost.exe

1.7kB
47.7kB
25
41

HTTP Request

GET https://lysyvan.com/login.php

HTTP Response

404
61.158.134.198:80

lyrysor.com

svchost.exe

152 B
3
44.221.84.105:80

http://gadyciz.com/login.php

http

svchost.exe

473 B
627 B
5
5

HTTP Request

GET http://gadyciz.com/login.php

HTTP Response

200
103.224.182.252:80

http://vofycot.com/login.php

http

svchost.exe

473 B
510 B
5
4

HTTP Request

GET http://vofycot.com/login.php

HTTP Response

302
64.225.91.73:80

http://galynuh.com/login.php

http

svchost.exe

427 B
948 B
4
3

HTTP Request

GET http://galynuh.com/login.php

HTTP Response

200
54.205.192.227:80

http://lyxynyx.com/login.php

http

svchost.exe

841 B
13.2kB
13
12

HTTP Request

GET http://lyxynyx.com/login.php

HTTP Response

200
154.85.183.50:80

http://qegyval.com/login.php

http

svchost.exe

710 B
786 B
5
4

HTTP Request

GET http://qegyval.com/login.php

HTTP Response

404

HTTP Request

GET http://qegyval.com/login.php

HTTP Response

404
64.190.63.136:80

http://ww16.vofycot.com/login.php?sub1=20250101-1432-0462-b296-396852409b8c

http

svchost.exe

1.3kB
26.6kB
20
22

HTTP Request

GET http://ww16.vofycot.com/login.php?sub1=20250101-1432-0462-b296-396852409b8c

HTTP Response

200
64.225.91.73:80

http://qetyhyg.com/login.php

http

svchost.exe

427 B
948 B
4
3

HTTP Request

GET http://qetyhyg.com/login.php

HTTP Response

200

8.8.8.8:53

gatyfus.com

dns

svchost.exe

228 B
185 B
4
1

DNS Request

gatyfus.com

DNS Request

gatyfus.com

DNS Request

gatyfus.com

DNS Request

gatyfus.com

DNS Response

5.79.71.225

5.79.71.205

85.17.31.82

178.162.203.211

178.162.203.226

178.162.217.107

85.17.31.122

178.162.203.202
8.8.8.8:53

qegyqaq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qegyqaq.com
8.8.8.8:53

puvyxil.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puvyxil.com
8.8.8.8:53

vojyqem.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vojyqem.com
8.8.8.8:53

lyryfyd.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyryfyd.com
8.8.8.8:53

gacyzuz.com

dns

svchost.exe

114 B
130 B
2
1

DNS Request

gacyzuz.com

DNS Request

gacyzuz.com
8.8.8.8:53

vowydef.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vowydef.com
8.8.8.8:53

pufymoq.com

dns

svchost.exe

114 B
130 B
2
1

DNS Request

pufymoq.com

DNS Request

pufymoq.com
8.8.8.8:53

lyxylux.com

dns

svchost.exe

114 B
130 B
2
1

DNS Request

lyxylux.com

DNS Request

lyxylux.com
8.8.8.8:53

qeqysag.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qeqysag.com
8.8.8.8:53

gadyniw.com

dns

svchost.exe

57 B
73 B
1
1

DNS Request

gadyniw.com

DNS Response

154.212.231.82
8.8.8.8:53

volykyc.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

volykyc.com
8.8.8.8:53

pumypog.com

dns

svchost.exe

114 B
130 B
2
1

DNS Request

pumypog.com

DNS Request

pumypog.com
8.8.8.8:53

lysynur.com

dns

svchost.exe

114 B
130 B
2
1

DNS Request

lysynur.com

DNS Request

lysynur.com
8.8.8.8:53

qekykev.com

dns

svchost.exe

114 B
130 B
2
1

DNS Request

qekykev.com

DNS Request

qekykev.com
8.8.8.8:53

ganypih.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

ganypih.com
8.8.8.8:53

vopybyt.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vopybyt.com
8.8.8.8:53

pujyjav.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pujyjav.com
8.8.8.8:53

lyvytuj.com

dns

svchost.exe

114 B
130 B
2
1

DNS Request

lyvytuj.com

DNS Request

lyvytuj.com
8.8.8.8:53

qetyvep.com

dns

svchost.exe

171 B
260 B
3
2

DNS Request

qetyvep.com

DNS Request

qetyvep.com

DNS Request

qeqytup.com
8.8.8.8:53

gahyhob.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gahyhob.com
8.8.8.8:53

vocyruk.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vocyruk.com
8.8.8.8:53

purycap.com

dns

svchost.exe

114 B
130 B
2
1

DNS Request

purycap.com

DNS Request

purycap.com
8.8.8.8:53

lygygin.com

dns

svchost.exe

114 B
130 B
2
1

DNS Request

lygygin.com

DNS Request

lygygin.com
8.8.8.8:53

qexyryl.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qexyryl.com
8.8.8.8:53

gaqycos.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gaqycos.com
8.8.8.8:53

vofygum.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vofygum.com
8.8.8.8:53

puzywel.com

dns

svchost.exe

114 B
130 B
2
1

DNS Request

puzywel.com

DNS Request

puzywel.com
8.8.8.8:53

lymyxid.com

dns

svchost.exe

57 B
73 B
1
1

DNS Request

lymyxid.com

DNS Response

3.94.10.34
8.8.8.8:53

qedyfyq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qedyfyq.com
8.8.8.8:53

galyqaz.com

dns

svchost.exe

57 B
73 B
1
1

DNS Request

galyqaz.com

DNS Response

199.191.50.83
8.8.8.8:53

vonyzuf.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vonyzuf.com
8.8.8.8:53

lyvyxor.com

dns

svchost.exe

57 B
57 B
1
1

DNS Request

lyvyxor.com
8.8.8.8:53

qetyfuv.com

dns

svchost.exe

57 B
73 B
1
1

DNS Request

qetyfuv.com

DNS Response

44.221.84.105
8.8.8.8:53

gahyqah.com

dns

svchost.exe

114 B
89 B
2
1

DNS Request

gahyqah.com

DNS Request

gahyqah.com

DNS Response

23.253.46.64

162.255.119.102
8.8.8.8:53

vocyzit.com

dns

svchost.exe

57 B
73 B
1
1

DNS Request

vocyzit.com

DNS Response

44.221.84.105
8.8.8.8:53

purydyv.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

purydyv.com
8.8.8.8:53

lygymoj.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lygymoj.com
8.8.8.8:53

qexylup.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qexylup.com
8.8.8.8:53

gaqydeb.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gaqydeb.com
8.8.8.8:53

vofymik.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vofymik.com
8.8.8.8:53

puzylyp.com

dns

svchost.exe

57 B
89 B
1
1

DNS Request

puzylyp.com

DNS Response

99.83.170.3

75.2.71.199
8.8.8.8:53

lymysan.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lymysan.com
8.8.8.8:53

qedynul.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qedynul.com
8.8.8.8:53

galykes.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

galykes.com
8.8.8.8:53

vonypom.com

dns

svchost.exe

57 B
73 B
1
1

DNS Request

vonypom.com

DNS Response

34.227.7.138
8.8.8.8:53

pupybul.com

dns

svchost.exe

114 B
130 B
2
1

DNS Request

pupybul.com

DNS Request

pupybul.com
8.8.8.8:53

lykyjad.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lykyjad.com
8.8.8.8:53

qebytiq.com

dns

svchost.exe

114 B
130 B
2
1

DNS Request

qebytiq.com

DNS Request

qebytiq.com
8.8.8.8:53

gatyvyz.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gatyvyz.com
8.8.8.8:53

vojyjof.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vojyjof.com
8.8.8.8:53

puvytuq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puvytuq.com
8.8.8.8:53

lyryvex.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyryvex.com
8.8.8.8:53

qegyhig.com

dns

svchost.exe

57 B
89 B
1
1

DNS Request

qegyhig.com

DNS Response

172.67.173.131

104.21.30.183
8.8.8.8:53

gacyryw.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gacyryw.com
8.8.8.8:53

vowycac.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vowycac.com
8.8.8.8:53

pufygug.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pufygug.com
8.8.8.8:53

lyxywer.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyxywer.com
8.8.8.8:53

qeqyxov.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qeqyxov.com
8.8.8.8:53

gadyfuh.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gadyfuh.com
8.8.8.8:53

volyqat.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

volyqat.com
8.8.8.8:53

pumyxiv.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pumyxiv.com
8.8.8.8:53

lysyfyj.com

dns

svchost.exe

57 B
57 B
1
1

DNS Request

lysyfyj.com
8.8.8.8:53

qekyqop.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qekyqop.com
8.8.8.8:53

lysyfyj.com

dns

svchost.exe

57 B
57 B
1
1

DNS Request

lysyfyj.com
8.8.8.8:53

lyvyxor.com

dns

svchost.exe

57 B
57 B
1
1

DNS Request

lyvyxor.com
8.8.8.8:53

ww8.galyqaz.com

dns

svchost.exe

61 B
288 B
1
1

DNS Request

ww8.galyqaz.com

DNS Response

198.58.118.167

45.33.23.183

96.126.123.244

45.33.20.235

45.33.30.197

45.33.18.44

45.79.19.196

72.14.178.174

45.33.2.79

45.56.79.23

173.255.194.134

72.14.185.43
8.8.8.8:53

c.pki.goog

dns

svchost.exe

112 B
107 B
2
1

DNS Request

c.pki.goog

DNS Request

c.pki.goog

DNS Response

142.250.179.67
8.8.8.8:53

www.gahyqah.com

dns

svchost.exe

61 B
113 B
1
1

DNS Request

www.gahyqah.com

DNS Response

91.195.240.19
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144
8.8.8.8:53

crl.microsoft.com

dns

63 B
162 B
1
1

DNS Request

crl.microsoft.com

DNS Response

2.18.190.73

2.18.190.80
8.8.8.8:53

pupydeq.com

dns

svchost.exe

57 B
89 B
1
1

DNS Request

pupydeq.com

DNS Response

76.223.54.146

13.248.169.48
8.8.8.8:53

gadyveb.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gadyveb.com
8.8.8.8:53

volyjok.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

volyjok.com
8.8.8.8:53

pumytup.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pumytup.com
8.8.8.8:53

qekyhil.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qekyhil.com
8.8.8.8:53

ganyrys.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

ganyrys.com
8.8.8.8:53

lysyvan.com

dns

svchost.exe

57 B
169 B
1
1

DNS Request

lysyvan.com

DNS Response

104.21.112.1

104.21.48.1

104.21.32.1

104.21.64.1

104.21.96.1

104.21.80.1

104.21.16.1
8.8.8.8:53

vopycom.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vopycom.com
8.8.8.8:53

pujygul.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pujygul.com
8.8.8.8:53

lyvywed.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyvywed.com
8.8.8.8:53

qetyxiq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qetyxiq.com
8.8.8.8:53

gahyfyz.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gahyfyz.com
8.8.8.8:53

vocyqaf.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vocyqaf.com
8.8.8.8:53

puryxuq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puryxuq.com
8.8.8.8:53

qexyqog.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qexyqog.com
8.8.8.8:53

gaqyzuw.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gaqyzuw.com
8.8.8.8:53

vofydac.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vofydac.com
8.8.8.8:53

ganyzub.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

ganyzub.com
8.8.8.8:53

vopydek.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vopydek.com
8.8.8.8:53

puzymig.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puzymig.com
8.8.8.8:53

pujymip.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pujymip.com
8.8.8.8:53

lymylyr.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lymylyr.com
8.8.8.8:53

lykymox.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lykymox.com
8.8.8.8:53

qetysal.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qetysal.com
8.8.8.8:53

qebylug.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qebylug.com
8.8.8.8:53

gahynus.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gahynus.com
8.8.8.8:53

vojymic.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vojymic.com
8.8.8.8:53

vocykem.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vocykem.com
8.8.8.8:53

puvylyg.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puvylyg.com
8.8.8.8:53

purypol.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

purypol.com
8.8.8.8:53

lyrysor.com

dns

svchost.exe

57 B
133 B
1
1

DNS Request

lyrysor.com

DNS Response

61.158.134.198
8.8.8.8:53

lygynud.com

dns

svchost.exe

57 B
73 B
1
1

DNS Request

lygynud.com

DNS Response

3.94.10.34
8.8.8.8:53

qegynuv.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qegynuv.com
8.8.8.8:53

gaqypiz.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gaqypiz.com
8.8.8.8:53

gacykeh.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gacykeh.com
8.8.8.8:53

vofybyf.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vofybyf.com
8.8.8.8:53

vowypit.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vowypit.com
8.8.8.8:53

puzyjoq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puzyjoq.com
8.8.8.8:53

gatydaw.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gatydaw.com
8.8.8.8:53

lymytux.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lymytux.com
8.8.8.8:53

lyxyjaj.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyxyjaj.com
8.8.8.8:53

qedyveg.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qedyveg.com
8.8.8.8:53

galyhiw.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

galyhiw.com
8.8.8.8:53

vonyryc.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vonyryc.com
8.8.8.8:53

pupycag.com

dns

svchost.exe

57 B
73 B
1
1

DNS Request

pupycag.com

DNS Response

34.227.7.138
8.8.8.8:53

lykygur.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lykygur.com
8.8.8.8:53

qebyrev.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qebyrev.com
8.8.8.8:53

gatycoh.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gatycoh.com
8.8.8.8:53

vojygut.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vojygut.com
8.8.8.8:53

puvywav.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puvywav.com
8.8.8.8:53

lyryxij.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyryxij.com
8.8.8.8:53

gacyqob.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gacyqob.com
8.8.8.8:53

lygyfex.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lygyfex.com
8.8.8.8:53

vowyzuk.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vowyzuk.com
8.8.8.8:53

pufydep.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pufydep.com
8.8.8.8:53

lyxymin.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyxymin.com
8.8.8.8:53

qeqylyl.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qeqylyl.com
8.8.8.8:53

gadydas.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gadydas.com
8.8.8.8:53

volymum.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

volymum.com
8.8.8.8:53

lyvylyn.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyvylyn.com
8.8.8.8:53

qexykaq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qexykaq.com
8.8.8.8:53

qegyfyp.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qegyfyp.com
8.8.8.8:53

pufybyv.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pufybyv.com
8.8.8.8:53

pumylel.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pumylel.com
8.8.8.8:53

lysysod.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lysysod.com
8.8.8.8:53

qekynuq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qekynuq.com
8.8.8.8:53

vopypif.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vopypif.com
8.8.8.8:53

ganykaz.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

ganykaz.com
8.8.8.8:53

gahyvew.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gahyvew.com
8.8.8.8:53

qetytug.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qetytug.com
8.8.8.8:53

lyvyjox.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyvyjox.com
8.8.8.8:53

pujybyq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pujybyq.com
8.8.8.8:53

vocyjic.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vocyjic.com
8.8.8.8:53

purytyg.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

purytyg.com
8.8.8.8:53

qexyhuv.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qexyhuv.com
8.8.8.8:53

gaqyreh.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gaqyreh.com
8.8.8.8:53

lygyvar.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lygyvar.com
8.8.8.8:53

vofycot.com

dns

svchost.exe

57 B
73 B
1
1

DNS Request

vofycot.com

DNS Response

103.224.182.252
8.8.8.8:53

galyfyb.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

galyfyb.com
8.8.8.8:53

vonyqok.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vonyqok.com
8.8.8.8:53

qeqyreq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qeqyreq.com
8.8.8.8:53

gadyciz.com

dns

svchost.exe

57 B
73 B
1
1

DNS Request

gadyciz.com

DNS Response

44.221.84.105
8.8.8.8:53

volygyf.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

volygyf.com
8.8.8.8:53

lykyfen.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lykyfen.com
8.8.8.8:53

pumywaq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pumywaq.com
8.8.8.8:53

qebyqil.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qebyqil.com
8.8.8.8:53

lysyxux.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lysyxux.com
8.8.8.8:53

qekyfeg.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qekyfeg.com
8.8.8.8:53

puzyguv.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puzyguv.com
8.8.8.8:53

ganyqow.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

ganyqow.com
8.8.8.8:53

gatyzys.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gatyzys.com
8.8.8.8:53

pujydag.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pujydag.com
8.8.8.8:53

vopyzuc.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vopyzuc.com
8.8.8.8:53

puvymul.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puvymul.com
8.8.8.8:53

lyvymir.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyvymir.com
8.8.8.8:53

lyryled.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyryled.com
8.8.8.8:53

qetylyv.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qetylyv.com
8.8.8.8:53

gahydoh.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gahydoh.com
8.8.8.8:53

gacynuz.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gacynuz.com
8.8.8.8:53

vocymut.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vocymut.com
8.8.8.8:53

vowykaf.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vowykaf.com
8.8.8.8:53

purylev.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

purylev.com
8.8.8.8:53

lygysij.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lygysij.com
8.8.8.8:53

qexynyp.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qexynyp.com
8.8.8.8:53

lyxynyx.com

dns

svchost.exe

57 B
178 B
1
1

DNS Request

lyxynyx.com

DNS Response

54.205.192.227

23.23.66.93
8.8.8.8:53

gaqykab.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gaqykab.com
8.8.8.8:53

galynuh.com

dns

svchost.exe

57 B
73 B
1
1

DNS Request

galynuh.com

DNS Response

64.225.91.73
8.8.8.8:53

qedyxip.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qedyxip.com
8.8.8.8:53

pupypiv.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pupypiv.com
8.8.8.8:53

lykynyj.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lykynyj.com
8.8.8.8:53

pupyxup.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pupyxup.com
8.8.8.8:53

gatypub.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gatypub.com
8.8.8.8:53

puvyjop.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puvyjop.com
8.8.8.8:53

lymywaj.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lymywaj.com
8.8.8.8:53

vojydam.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vojydam.com
8.8.8.8:53

qegyval.com

dns

svchost.exe

57 B
73 B
1
1

DNS Request

qegyval.com

DNS Response

154.85.183.50
8.8.8.8:53

qedysov.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qedysov.com
8.8.8.8:53

vonyket.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vonyket.com
8.8.8.8:53

gacyhis.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gacyhis.com
8.8.8.8:53

qebykap.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qebykap.com
8.8.8.8:53

qegysoq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qegysoq.com
8.8.8.8:53

vowyrym.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vowyrym.com
8.8.8.8:53

pufycol.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pufycol.com
8.8.8.8:53

lyxygud.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyxygud.com
8.8.8.8:53

vojybek.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vojybek.com
8.8.8.8:53

pufypiq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pufypiq.com
8.8.8.8:53

lyrytun.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyrytun.com
8.8.8.8:53

ww16.vofycot.com

dns

svchost.exe

62 B
108 B
1
1

DNS Request

ww16.vofycot.com

DNS Response

64.190.63.136
8.8.8.8:53

qeqykog.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qeqykog.com
8.8.8.8:53

pumyjig.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pumyjig.com
8.8.8.8:53

lysytyr.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lysytyr.com
8.8.8.8:53

qekyvav.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qekyvav.com
8.8.8.8:53

ganyhuh.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

ganyhuh.com
8.8.8.8:53

gadypuw.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gadypuw.com
8.8.8.8:53

vopyret.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vopyret.com
8.8.8.8:53

pujycov.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pujycov.com
8.8.8.8:53

lyvyguj.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyvyguj.com
8.8.8.8:53

volybec.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

volybec.com
8.8.8.8:53

qetyrap.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qetyrap.com
8.8.8.8:53

gahycib.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gahycib.com
8.8.8.8:53

vocygyk.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vocygyk.com
8.8.8.8:53

purywop.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

purywop.com
8.8.8.8:53

lygyxun.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lygyxun.com
8.8.8.8:53

qexyfel.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qexyfel.com
8.8.8.8:53

gaqyqis.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gaqyqis.com
8.8.8.8:53

vofyzym.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vofyzym.com
8.8.8.8:53

puzydal.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puzydal.com
8.8.8.8:53

lymymud.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lymymud.com
8.8.8.8:53

qedyleq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qedyleq.com
8.8.8.8:53

galydoz.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

galydoz.com
8.8.8.8:53

vonymuf.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vonymuf.com
8.8.8.8:53

pupylaq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pupylaq.com
8.8.8.8:53

lykysix.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lykysix.com
8.8.8.8:53

qebynyg.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qebynyg.com
8.8.8.8:53

gatykow.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gatykow.com
8.8.8.8:53

vojypuc.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vojypuc.com
8.8.8.8:53

puvybeg.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puvybeg.com
8.8.8.8:53

lyryjir.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyryjir.com
8.8.8.8:53

qegytyv.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qegytyv.com
8.8.8.8:53

gacyvah.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gacyvah.com
8.8.8.8:53

vofypuk.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vofypuk.com
8.8.8.8:53

puzybep.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puzybep.com
8.8.8.8:53

lymyjon.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lymyjon.com
8.8.8.8:53

qedytul.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qedytul.com
8.8.8.8:53

galyvas.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

galyvas.com
8.8.8.8:53

vonyjim.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vonyjim.com
8.8.8.8:53

pupytyl.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pupytyl.com
8.8.8.8:53

lykyvod.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lykyvod.com
8.8.8.8:53

qebyhuq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qebyhuq.com
8.8.8.8:53

gatyrez.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gatyrez.com
8.8.8.8:53

vojycif.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vojycif.com
8.8.8.8:53

puvygyq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puvygyq.com
8.8.8.8:53

lyrywax.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyrywax.com
8.8.8.8:53

qegyxug.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qegyxug.com
8.8.8.8:53

gacyfew.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gacyfew.com
8.8.8.8:53

vowyqoc.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vowyqoc.com
8.8.8.8:53

pufyxug.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pufyxug.com
8.8.8.8:53

lyxyfar.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyxyfar.com
8.8.8.8:53

qeqyqiv.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qeqyqiv.com
8.8.8.8:53

gadyzyh.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gadyzyh.com
8.8.8.8:53

volydot.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

volydot.com
8.8.8.8:53

pumymuv.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pumymuv.com
8.8.8.8:53

lysylej.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lysylej.com
8.8.8.8:53

qekysip.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qekysip.com
8.8.8.8:53

ganynyb.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

ganynyb.com
8.8.8.8:53

pujypup.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pujypup.com
8.8.8.8:53

lyvynen.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyvynen.com
8.8.8.8:53

vopykak.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vopykak.com
8.8.8.8:53

qetykol.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qetykol.com
8.8.8.8:53

gahypus.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gahypus.com
8.8.8.8:53

vocybam.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vocybam.com
8.8.8.8:53

puryjil.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puryjil.com
8.8.8.8:53

vopyqim.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vopyqim.com
8.8.8.8:53

pujyxyl.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pujyxyl.com
8.8.8.8:53

lyvyfad.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyvyfad.com
8.8.8.8:53

qetyquq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qetyquq.com
8.8.8.8:53

gahyzez.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gahyzez.com
8.8.8.8:53

vocydof.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vocydof.com
8.8.8.8:53

lygylax.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lygylax.com
8.8.8.8:53

purymuq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

purymuq.com
8.8.8.8:53

qexysig.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qexysig.com
8.8.8.8:53

gaqynyw.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gaqynyw.com
8.8.8.8:53

lymyner.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lymyner.com
8.8.8.8:53

vofykoc.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vofykoc.com
8.8.8.8:53

puzypug.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puzypug.com
8.8.8.8:53

qedykiv.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qedykiv.com
8.8.8.8:53

galypyh.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

galypyh.com
8.8.8.8:53

vonybat.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vonybat.com
8.8.8.8:53

pupyjuv.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pupyjuv.com
8.8.8.8:53

lykytej.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lykytej.com
8.8.8.8:53

qebyvop.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qebyvop.com
8.8.8.8:53

gatyhub.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gatyhub.com
8.8.8.8:53

vojyrak.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vojyrak.com
8.8.8.8:53

puvycip.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puvycip.com
8.8.8.8:53

vowyjut.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vowyjut.com
8.8.8.8:53

lyxyvoj.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyxyvoj.com
8.8.8.8:53

pufytev.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pufytev.com
8.8.8.8:53

gadyrab.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gadyrab.com
8.8.8.8:53

qeqyhup.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qeqyhup.com
8.8.8.8:53

pumygyp.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pumygyp.com
8.8.8.8:53

volycik.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

volycik.com
8.8.8.8:53

lysywon.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lysywon.com
8.8.8.8:53

ganyfes.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

ganyfes.com
8.8.8.8:53

lygytyd.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lygytyd.com
8.8.8.8:53

qexyvoq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qexyvoq.com
8.8.8.8:53

gaqyhuz.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gaqyhuz.com
8.8.8.8:53

puzyciq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puzyciq.com
8.8.8.8:53

vofyref.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vofyref.com
8.8.8.8:53

lymygyx.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lymygyx.com
8.8.8.8:53

qedyrag.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qedyrag.com
8.8.8.8:53

galycuw.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

galycuw.com
8.8.8.8:53

vonygec.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vonygec.com
8.8.8.8:53

pupywog.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pupywog.com
8.8.8.8:53

lykyxur.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lykyxur.com
8.8.8.8:53

qebyfav.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qebyfav.com
8.8.8.8:53

gatyqih.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gatyqih.com
8.8.8.8:53

vojyzyt.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vojyzyt.com
8.8.8.8:53

puvydov.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

puvydov.com
8.8.8.8:53

qegylep.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qegylep.com
8.8.8.8:53

gacydib.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gacydib.com
8.8.8.8:53

vowymyk.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vowymyk.com
8.8.8.8:53

pufylap.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pufylap.com
8.8.8.8:53

lyxysun.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyxysun.com
8.8.8.8:53

qeqynel.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qeqynel.com
8.8.8.8:53

gadykos.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

gadykos.com
8.8.8.8:53

volypum.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

volypum.com
8.8.8.8:53

pumybal.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pumybal.com
8.8.8.8:53

lysyjid.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lysyjid.com
8.8.8.8:53

qekytyq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qekytyq.com
8.8.8.8:53

ganyvoz.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

ganyvoz.com
8.8.8.8:53

vopyjuf.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

vopyjuf.com
8.8.8.8:53

pujyteq.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

pujyteq.com
8.8.8.8:53

lyvyvix.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyvyvix.com
8.8.8.8:53

qekyxul.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

qekyxul.com
8.8.8.8:53

qetyhyg.com

dns

svchost.exe

57 B
73 B
1
1

DNS Request

qetyhyg.com

DNS Response

64.225.91.73
8.8.8.8:53

lyrymuj.com

dns

svchost.exe

57 B
130 B
1
1

DNS Request

lyrymuj.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\AppPatch\svchost.exe

Filesize
211KB

MD5
46facd54253a14f0e02f4a9023ec0377

SHA1
e26621e408db021b3cb1ceee2c9d6520b8707ffb

SHA256
8b08e3560846bfb89ee713680a060a41edf9f88767b3fd125dc96eccca825154

SHA512
4b9d0dc3582b4e4f55e41c479a68a70bb720ee5018e1983df2f31df9503efda3a0166a8bdbe0468b03f2ea3b6caab7e2aca8f159dcb07ff479875f4ac05386a5

Download Submit
memory/308-0-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/308-1-0x0000000000330000-0x0000000000382000-memory.dmp

Filesize
328KB

Download
memory/308-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/308-20-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/308-19-0x0000000000330000-0x0000000000382000-memory.dmp

Filesize
328KB

Download
memory/308-18-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/2740-21-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/2740-22-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/2740-23-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/2740-26-0x0000000002110000-0x00000000021BA000-memory.dmp

Filesize
680KB

Download
memory/2740-34-0x0000000002110000-0x00000000021BA000-memory.dmp

Filesize
680KB

Download
memory/2740-32-0x0000000002110000-0x00000000021BA000-memory.dmp

Filesize
680KB

Download
memory/2740-35-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/2740-30-0x0000000002110000-0x00000000021BA000-memory.dmp

Filesize
680KB

Download
memory/2740-28-0x0000000002110000-0x00000000021BA000-memory.dmp

Filesize
680KB

Download
memory/2740-24-0x0000000002110000-0x00000000021BA000-memory.dmp

Filesize
680KB

Download
memory/2740-36-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-38-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-40-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-43-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-50-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-83-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-86-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-85-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-82-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-81-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-80-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-79-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-78-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-77-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-76-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-75-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-74-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-73-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-72-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-71-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-70-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-69-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-68-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-67-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-65-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-64-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-63-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-62-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-61-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-60-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-59-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-58-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-57-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-56-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-55-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-54-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-53-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-52-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-51-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-84-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-49-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-48-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-47-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-46-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-45-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-66-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-44-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download
memory/2740-42-0x0000000002230000-0x00000000022E7000-memory.dmp

Filesize
732KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response